Android users are being warned to stay vigilant, as a surge in malware scams has resulted in at least 128 reported cases and over $2.4 million in losses since February 2025.

The police said in an advisory that scammers have been targeting victims through Facebook and TikTok ads, enticing them with offers for goods or services.

After victims express interest, they are contacted via WhatsApp and asked to make a small upfront payment, often through a suspicious URL.

When payment fails, victims are then instructed to download a malicious Android app (APK file) sent through WhatsApp to ‘resolve the issue’.

Once installed, the app secretly grants scammers remote access to the victim’s device, allowing them to steal banking credentials and SMS OTPs (one-time passwords).

This enables scammers to make unauthorised transactions either through the victim’s phone or from their own devices.

To bypass built-in protections, scammers often instruct victims to disable Google Play Protect and, in some cases, to download VPN apps to assist in gaining deeper access to the device.

What to do if you suspect your phone has been infected

If you think you may have downloaded malware:

  • Switch your phone to flight mode immediately and turn off Wi-Fi.

  • Run an anti-virus scan on your phone.

  • Check your bank, Singpass, and CPF accounts using another device for unauthorised transactions.

  • Report suspicious activity to your bank, relevant authorities, and the police.

  • Do not factory reset your phone until police have assessed it, as this may affect investigations.

How to protect yourself

The police urge the public to take the following steps:

  • A – ADD: Download ScamShield and a trusted anti-virus app. Enable Google Play Protect. Disable “Install Unknown Apps” in settings.

  • C – CHECK: Use ScamShield to verify messages and links. Be cautious if asked to disable security features or install unknown apps.

  • T – TELL: Inform friends, family, and authorities. Report scam accounts and suspicious activity immediately.

More information and resources are available at www.scamshield.gov.sg.