The Hong Kong police, together with Interpol, have uncovered the activities of an international phishing syndicate that used 563 fake mobile apps to spy on and steal information from smartphones around the world.
According to Raymond Lam Cheuk-ho of the cybersecurity and technology crime bureau, the police also tracked down 258 servers around the world that were linked to these phishing apps.
Codenamed "Magicflame", the operation was launched in February 2022 amid rising cybercrime around the world. Some victims lost their last savings after hackers stole their personal data and ransacked bank accounts.
Lam Cheuk-ho said the malicious apps posed as banks, media players, dating apps, cameras, and more. He said that 192 of the 258 servers were located in Hong Kong itself, and cybercriminals used a tunneling system to avoid detection by law enforcement officials.
According to police, the hackers sent phishing SMS messages and asked recipients to click on a link. Clicking on the link led to the download of fake apps on the victims' smartphones, allowing the hackers to steal personal information such as bank account, credit card, phone contacts and photos over time.
Wilson Fan Chun-yip, from the same bureau, said that the criminals could use the stolen data to transfer money from victims' accounts and make purchases online. He also said that the hackers were able to read all text messages and emails, listen to audio recordings, and track the location of people. The attackers also did not hesitate to eavesdrop on their victims in real time through a voice recorder and secretly take photos from the camera.
The investigation showed that the cybercriminals' servers stored personal data stolen from 519 smartphones belonging to people from different countries, mainly from Japan and South Korea. None of the victims lived in Hong Kong, police said.
“We believe it was an overseas syndicate that used the city's Internet network to carry out their illegal activities,” Lam Cheuk-ho said.
No arrests were made in the city, but the police identified some suspects and passed their information to the relevant foreign law enforcement agencies through Interpol. “We believe that the syndicate stopped their illegal operations after discovering their activities,” Lam Cheuk-ho added.
Last year, the Hong Kong police cracked down on 473 phishing attacks resulting in a financial loss of HK$8.9 million (US$1.1 million). During this period, 18,660 cybercrime reports were registered, which is a significant increase compared to 13,160 cases for the same period in 2021.
The police urged the public to remain vigilant and avoid connecting to any suspicious websites or mobile apps through hyperlinks in emails or text messages, and only downloading mobile apps from official stores.
To combat online and telephone fraud, the Hong Kong police even launched a separate service last September. The "Scameter" search engine, available on the CyberDefender website, helps to break through suspicious calls, messages, friend requests, phishing sites, etc. to minimize the risk of running into scammers.