KUALA LUMPUR: Two Malaysians reported to have been extradited to Singapore today are suspected members of an international fraud syndicate known as Trojan Spymax.
Bukit Aman Commercial Crime Investigation Department (CCID) director Datuk Seri Ramli Mohamed Yoosuf said they were arrested in Penang and Johor last Wednesday.
He said the arrests of the 27-year-old and 48-year-old were made during an operation conducted by the CCID team, Interpol together with the Singapore Police Force (SPF).
"Both are suspected members of the Trojan Spymax syndicate directly involved in an international fraud syndicate actively operating in the Asia region, particularly in Singapore.
"The two individuals detained are believed to have roles as sellers of malware and managers of server rentals that house Android Package Kit (APK) files," he said in a statement today.
He said police also seized three smartphones, one passport, one identification card, and one wristwatch, with an estimated value of RM6,000.
"Based on investigations, this syndicate is known to offer products and services through social media platforms such as Facebook, Instagram, and similar platforms.
"Interested buyers would be provided with links to APK files that need to be installed on their phones as part of the purchasing process," he said.
Ramli said the APK files provided by the suspects were malicious software that could hack into victims' phones.
"When opened, it allows the fraud syndicate to access One-Time Passwords (OTPs) in Short Messaging Service (SMS), screen mirroring, contact lists, and remote access to the victims' devices.
"This operation is the result of a nearly year-long cooperation between PDRM and the Singapore Police in identifying, gathering, and verifying the identities of syndicate members hiding behind internet and computer technologies from several different countries.
"All arrests and seizures have been handed over to Interpol for extradition to Singapore for prosecution purposes.
"Through these arrests, CCID believes it has crippled the infrastructure and operations of this APK malware syndicate in the region," he said.
Meanwhile, he advised the public to be cautious when downloading and installing any software on their devices.
"Any downloading of application files to smartphones should only be done through secure platforms like Google Play and the App Store," he said.
Earlier, SPF stated today that two Malaysian men linked to software fraud against Singapore residents since June 2023 have been extradited from Malaysia and will be charged today.
They said initial investigations indicated both men were charged with operating servers to infiltrate Android mobile phones with malicious intent to control the phones.
The application allows scammers to modify the content of victims' mobile phones and gain access to their bank accounts.
The two men in question were charged with unauthorized computer material modification.
If found guilty, they could be imprisoned for up to seven years, fined up to S$50,000 (RM 173,500), or both.