1. What is malware?

    Malware or “malicious software” is any software that is used to disrupt operations, gather sensitive information or gain access to a device, including a smartphone.

  2. How can my smartphone get infected by malware?

    Smartphones are infected by malware when customers download and install unauthorised/illegitimate applications that are laced with malware. Once the malware infects a customer’s smartphone and obtains privileged access rights, it can gain control over the smartphone to intercept messages, monitor calls, steal personal information, and even listen in with the device's microphone.

  3. Is Internet and Mobile Banking safe to use?

    Yes. Banks in Singapore have implemented various security measures such SMS One Time Password (OTP), fraud monitoring, transaction-signing and transaction alerts to protect customers against fraudulent online transactions.

    As banks have strong controls to protect their systems and infrastructure against cyber-attacks, hackers are increasingly turning their attacks on users through social engineering and malware. If a customer’s smartphone is compromised or infected by malware, hackers can intercept information that the customer provides or SMS OTPs the customer receives on his/her smartphone when performing online financial transactions. Hence, it is important that customers observe all necessary security safeguards in using his/her smartphone.

    ABS and the financial industry continue to work closely to provide timely alerts and advisories to consumers on cyber threats that may affect them, as well as measures that customers could take to protect themselves.

  4. What should I do if I discover fraudulent transactions made on my banking or credit card statement due to mobile malware?

    1. Call your bank immediately to advise them on these fraudulent transactions.
    2. Make a police report on these unauthorised transactions.
    3. Do not use your smartphone to perform any banking or financial transactions across any banks include online e-commerce transactions

    When online fraud is reported by a customer, the bank will investigate to establish the responsibility and liability for such transaction. In some reported cases of online fraud, consumers had provided credit card/bank information on websites without verifying that that they were legitimate. They also downloaded applications laced with malware from unauthorised/illegitimate sites. These allowed hackers to “take control” of the consumers’ smartphones to perform fraudulent online transactions. The $100 liability protection against fraudulent transactions is for physical card loss or theft and does not apply for such cases. Consumers may approach the Financial Industry Disputes Resolution Centre (FIDREC) to assist them if they are not satisfied with the banks’ decisions.

  5. How can I prevent my smartphone from being infected by malware?

    1. Do not download applications from unauthorised or illegitimate app stores, or random download locations on the internet. Do not click on hyperlinks from messages, emails if you are unsure of the source.
    2. Install an anti-virus/malware software on your smartphone.
    3. Be alert especially if a screen on your mobile device suddenly pops up and asks for your confidential information, even if you did not open your applications or initiate any activity;
    4. Avoid using public/unsecured WiFi when transacting with sensitive information or mobile internet banking. Cybercriminals can use these WiFi networks to snoop and pry on your smartphone.
    5. Secure your smartphone with a password, pin or a relevant mechanism to prevent unauthorised use.
    6. Do not “root” or “jailbreak” the smartphone, as this could compromise smartphone security.
    7. If there is an update for your device from legitimate sources such as Google Play Store, or Apple Play Store, install it. New updates are sometimes used to fix bugs and address security vulnerabilities.
    8. As cybercriminals’ mode of operations and malware could constantly be evolving, visit your bank’s websites for more information and latest updates on other signs to watch out for.
  6. What are some of the symptoms of mobile malware infection?

    1. Bad Battery Life: Whether malware is hiding in plain sight, pretending to be a regular application, or trying to stay hidden from the user, abnormal battery drainage can often give away the presence of an infection. This could be due to malware utilising the system resources to perform its actions (e.g., communicating with a command and control server) in the background.
    2. Dropped Calls and Disruptions: Mobile malware can affect outgoing and incoming calls. Frequently dropped calls or disruptions during a conversation could be the interference of mobile malware. Call your service provider to determine if the dropped calls are its fault. If it’s not, it is possible that someone or something is trying to eavesdrop on conversations or perform other suspicious activities.
    3. Unusual Phone/Data Bills: Android malware often infects devices and starts sending SMS text messages to premium-rated numbers. Some malware may send an SMS message just once a month to avoid suspicions, or they may uninstall themselves after causing unusually large mobile/data bills. Malware can also smuggle, steal and send sensitive data from your device to a third-party. Significant changes in your download or upload patterns could be a sign that someone or something has control over your device.
    4. Clogged Performance: Malware infection may cause serious performance problems as it tries to perform unauthorised activities in the background such as read, write or sending data from your smartphone. Checking RAM (Random Access Memory) use or CPU load could reveal the presence of malware that’s actively running on the device.
    5. Suspicious Applications: If you notice an unusual change in the look-and-feel of your smartphone (such as new icons or applications), malware may have infected your phone.