The 2023 cyber fraud and money-laundering scheme in Hong Kong, Malaysia and Singapore was finally taken down in June 2024
Last year, a joint operation by the Hong Kong, Malaysian and Singapore police forces culminated in the arrest of cyber fraud syndicates suspected of having run an Android Remote Access Trojan (RAT) campaign in Singapore and Hong Kong. More than 4,000 victims had been defrauded across South-east Asia.
As part of “Operation DISTANTHILL”, the Hong Kong Police Force (HKPF) apprehended 10 men and four women aged between 19 and 61 on charges of fraud conspiracy and money laundering. At least 260 variants of the RAT were found stored on command and control (C2) servers in Hong Kong and other South-east Asian countries.
Recently, between 12 and 13 June, two men in Malaysia aged 26 and 47 were arrested in a joint cross-border operation led by the Singapore Police Force (SPF), the HKPF and the Royal Malaysia Police (RMP). The suspects were charged with organizing cyberattacks and controlling more than 50 C2 servers.
According to Group-IB, one of the cybersecurity firms assisting in the joint operation, the RAT attacks targeted Android users through phishing campaigns that enticed victims to download and install fake apps onto their mobile devices. The fake apps were often disguised as sales platforms offering special prices for goods and food items. Once an app was installed and the necessary system access permissions were granted, the RAT allowed threat actors to gain remote control of the host Android device, enabling them to capture sensitive personal data and passwords, and to monitor SMS messages and one-time passwords (OTP) sent by financial organizations for second-factor authentication. The syndicate even advertised its skills as a Malware-as-a-Service scheme, which had also claimed victims in other parts of the world, including the Middle East and Europe.
Group-IB’s experts were instrumental in analysing the malware-as-a-service campaign, the settings of over 250 phishing web pages, and many other aspects of the tactics, techniques and procedures. According to the firm’s CEO, Dmitry Volkov: “We encourage others to join us in fighting cybercrime, and by pooling our resources, expertise, and technology, we can strengthen global cybersecurity.”