Beware of .APK Scam

Did you know that clicking on a link for a wedding invitation could turn you into a cybercrime victim?

Not many of us would suspect that a simple invitation received via WhatsApp or Telegram could lead to losing money, or worse, our identity.

We are constantly bombarded with messages on offers, promotions, and invitations, and sometimes, without a second thought, we click on the link, especially when the deal seems too good to ignore. The use of communication apps like WhatsApp and Telegram, along with social media, has led to an increase in online fraud, mainly due to users' tendency to overlook security and favour convenience over safety.

What is an .APK scam?

Malware scams are on the rise, and if we are not careful, we may unintentionally open an APK (Android Package Kit) file containing malicious software, also known as malware. It can then steal your personal and financial data by accessing all information stored on your phone, including passwords, messages, call history, and phone numbers.

Those who have fallen victim to malicious APK files risk exposing themselves to data breaches, granting third parties backdoor access and giving them complete control over their mobile phones and even their banking apps. Some victims have even reported they could only watch helplessly as their phones moved on their own, initiating unauthorized transactions and transferring money to an unidentified third-party account.

How Does the .APK Scam Work?

One click can be costly. Besides wedding invitations and promotions, there is also the fake Bank Negara app, which installs the APK file once a victim downloads the app.

1. Scammers send a fake .APK file disguised as a useful app to lure victims into downloading it.

2. Victims install the app and grant permissions, unknowingly allowing access to their device.

3. The malicious app steals sensitive data, such as passwords, banking details, and personal information.

4. With the stolen information, scammers can gain access to the victim’s bank accounts and perform unauthorised transactions.

Example of fake Bank Negara app:

Source: Malaysia Computer Emergency Response Team (MyCERT)

How To Protect Yourself from Becoming a Victim of .APK Scam

1. Verify and download applications only from official app platforms like Google Play, Apple App Store, and Huawei App Gallery to ensure your phone's safety.

2. Never click on or download .APK files received from strangers posing as package couriers or bank employees, even if they claim to have sent you the wrong message or to have urgent news. This includes suspicious links from unknown third parties that may automatically download .APK files. Always ignore and delete such files immediately to protect your device and personal information.

3. Reboot your phone on a regular basis and check for background applications that may be running without you even realising it. Some malicious apps operate silently in the background, collecting sensitive data or even accessing banking details.

4. Be sceptical of urgent requests that pressure you into taking immediate action, such as messages claiming your account will be blocked or offering limited-time rewards.

5. Only perform financial transactions on legitimate and secure websites. Look for the lock icon next to the website address in your browser. This indicates that the connection between your browser and the website server is encrypted, meaning your data is secure and less likely to be intercepted.
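For readers comfortable with a computer, tips 1 and 3 can be checked on an Android phone by listing which installed apps did not come from an official store and which of those hold permissions over messages, call history and contacts. The Python script below is an added example, not part of the original ASNB article; it assumes the text comes from the adb commands `pm list packages -i -3` and `dumpsys package <name>`, and the sample output and `com.example.*` app names are constructed for illustration.

```python
import re

# Installer package names of Google Play and Huawei AppGallery; any other
# installer (including "null") is treated here as sideloaded.
OFFICIAL_INSTALLERS = {"com.android.vending", "com.huawei.appmarket"}
# Permissions covering the data the article says is stolen (messages,
# call history, phone numbers).
SENSITIVE = {"android.permission." + p for p in (
    "READ_SMS", "RECEIVE_SMS", "SEND_SMS", "READ_CALL_LOG", "READ_CONTACTS")}

PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")
PERM_LINE = re.compile(r"^\s*(android\.permission\.\w+): granted=true")

# Constructed sample of `adb shell pm list packages -i -3` output.
SAMPLE_LISTING = """\
package:com.whatsapp  installer=com.android.vending
package:com.example.weddinginvite  installer=null
package:com.example.notes  installer=com.google.android.packageinstaller
"""
# Constructed excerpts of `adb shell dumpsys package <name>` output.
SAMPLE_DUMPS = {
    "com.example.weddinginvite": """\
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=false, flags=[ USER_SET ]
""",
    "com.example.notes": "    runtime permissions:\n",
}

def parse_installers(listing):
    """Map package name -> installer for every well-formed listing line."""
    matches = (PKG_LINE.match(line.strip()) for line in listing.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def granted_permissions(dump):
    """Return the set of permissions marked granted=true in a dumpsys excerpt."""
    matches = (PERM_LINE.match(line) for line in dump.splitlines())
    return {m.group(1) for m in matches if m}

def audit(listing, dumps):
    """List sideloaded apps, those holding sensitive permissions first."""
    findings = []
    for pkg, installer in parse_installers(listing).items():
        if installer not in OFFICIAL_INSTALLERS:
            risky = sorted(granted_permissions(dumps.get(pkg, "")) & SENSITIVE)
            findings.append((pkg, installer, risky))
    return sorted(findings, key=lambda f: (not f[2], f[0]))

if __name__ == "__main__":
    for pkg, installer, risky in audit(SAMPLE_LISTING, SAMPLE_DUMPS):
        print(pkg, "installer=" + installer, risky or "no sensitive permissions")
```

An app at the top of the list that you do not remember installing, and that can read your SMS, is the first candidate for removal; a phone that ships with another official store needs that store's installer name added to `OFFICIAL_INSTALLERS`.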

What to Do if You Are a Victim of .APK Scam

1. Uninstall the Malicious App Immediately

Delete the fake app that contains the malicious .APK file from your phone as soon as possible and change the SMS setting back to default.

2. Contact Your Bank Immediately

If you suspect unauthorized access to your bank account, call your bank’s official hotline right away. Request to freeze your account, change your online banking credentials, and block any unauthorized transactions to protect your funds.

3. Contact ASNB Customer Service Centre

In the unfortunate event that you become a victim of a scam, or suspect unauthorized access to your bank account, reach out to ASNB Customer Service Centre to ensure your ASNB account has not been compromised.

4. Report the Scam to Authorities

Call the National Scam Response Centre (NSRC) at 997 to report the incident. Also, file a police report to document the scam, which may be necessary for investigations and potential financial recovery.

5. Review Your Bank Statements

Check your banking app, transaction history, and SMS or email alerts for any unauthorized transactions. Take screenshots as evidence and report any suspicious activity to your bank immediately.

Cybercriminal tactics are evolving rapidly, becoming more sophisticated and deceptive. Scammers are no longer just impersonating authorities; these days they are exploiting our habits and daily digital interactions to gain unauthorized access to sensitive data.

To stay protected, we must adopt proactive cybersecurity habits: only download apps from official platforms, think twice before clicking on shared links, and stay sceptical of unsolicited messages. Awareness and quick action can mean the difference between safeguarding your financial security and falling victim to cyber fraud. Stay informed, stay cautious, and always verify before you click.