KUALA LUMPUR: The police have managed to bust a scam syndicate utilising Android Application Package (APK) files following the arrest of two local men in raids in Penang and Johor on Wednesday.

Bukit Aman Commercial Crimes Investigation Department director Datuk Seri Ramli Mohamed Yoosuf said investigations revealed the men, 27 and 48, were suspected members of the ‘Trojan Spymax’ syndicate that is directly involved in scams in the Asia region, especially in Singapore, and acted as a malware salesperson and a manager of the rented server that hosted the APK files.

“The syndicate offered products and services on social media channels and victims who were interested in buying would be given an APK link that needed to be installed on their devices as part of the purchase process.

“The APK files were malicious software and could hack the victim’s phone and provide access to the syndicate to read the one-time password (OTP) in SMS, create mirror screens, access contact lists, and provide remote access,” he said in a statement tonight, adding that the police seized three mobile phones, passports, identification cards, watches totalling RM6,000 during the arrests.

The suspects are waiting to be extradited to Singapore where they will be prosecuted, he added.

Ramli said the operation was the result of a year’s cooperation with the Singapore police in identifying, gathering and confirming the identity of syndicate members who hid behind the technology, and successfully crippled the syndicate’s infrastructure and operations in the region.

“The public is urged to be cautious when downloading and installing any software on their devices.

“Any application downloaded to smartphones should be done via secure platforms such as Google Play and App Store only,” he added.