As a Singaporean, I’m shook that the system can be broken so seemingly easily.
As for a human being (myself) it is hard as it is to transfer my CPF (similar to a pension fund) for payments such as housing, medical, investments etc without having a million OTPs, gov app (Singpass) verifications etc.
All things considered, $100+K out of $10M is ~1%, is not much for scam amounts lost from CPF (pension).
That must’ve been one heck of a social scam; probably got the person to input a lot of their personal details as well.
It’s so sad that we learned nothing since the early 2000s. “Please send me money here’s payment.exe” shouldn’t work anymore.
I do wonder how it gains these additional permissions, though. Overlay scams don’t work for (competently developed) banking apps, so the app needs to either have a system signature to bypass security mechanisms or root access.
Are they exploiting known vulnerabilities? 0days? Anyone have a link with more details about how the malware itself actually works?
And this is why, as per another post about someone asking why their banking app doesn’t work, banking apps are locked down much harder.
We need to educate people not to fall for this shit.
