PSA: Don't Click Or Download Any .APK Files You Receive Online

These files are usually sent via email, WhatsApp, and Telegram.

Cover image via Prakasit Khuansuwan (Vecteezy) & Smartmockups (Edited by SAYS)

Follow us on Instagram, TikTok, and WhatsApp for the latest stories and breaking news. 

This Spotlight is sponsored by The Association of Banks in Malaysia (ABM) & Association of Islamic Banking and Financial Institutions Malaysia (AIBIM).

According to the National Scam Response Centre (NSRC), over 2,500 phishing and .APK cases involving RM19 million in losses were reported between October 2022 and June 2023

Online scams come in many forms, but malware scams, in particular, have been on the rise lately.

Malware scams involve tempting victims to download or click on all sorts of malicious and harmful software, including Android Package Kit (APK) files.

Unrequested and undetected, malware allows scammers to steal personal information and data when it's installed on your computer and smartphone.

.APK files are often disguised as apps, games, photos, and videos, and are usually sent via email, WhatsApp, or Telegram

They can also come in the form of online advertisements that bait users to click on them. In June this year, scammers were sending messages that contained malware of Pink WhatsApp, WhatsApp's supposed upgraded version that lets users send larger files easily.

Some scammers even pose as delivery riders, sending .APK files disguised as image files to get users to click on them. Many scammers also pretend to be wedding agencies who claim to be sending wedding invitations on behalf of their clients.

Here are a few real-life incidents provided by the Association of Banks in Malaysia (ABM):

Most users often assume the .APK files they receive on social media are harmless, and tend to click on them

The .APK file will then prompt you to download an application on your phone or computer. Once downloaded, the app will request various permissions, allowing scammers to potentially gain full access to your phone or computer.

When this happens, scammers are able to control your device. In some cases, scammers will also display a fake payment page to steal your credentials, like your bank account number, login details, and more.

This allows the scammers to commit identity theft, as well as steal money and private information from you. 

As such, this is a PSA for you to never ever click or download any .APK files you receive, even if they were forwarded from your friends or family.

Here are a few steps to help you avoid downloading .APK files:

Image via Maybank

1. Stick to official app stores
You should only download apps from your smartphone's official application platforms, such as Google Play, the Apple App Store, and HUAWEI App Gallery.

2. Only key in your login credentials on official websites
You should always double-check the website you're on. Don't ever provide your login credentials to websites and applications you're not familiar with.

3. Avoid clicking on links from a third party
Don't click on links or download files from unverified sources, especially if they're shared via email, messages, or social media.

4. Review your app permissions
Review the permissions requested by an app before installation. Be cautious if an app asks for unnecessary access to your device's features or data.

So, the next time you come across an enticing link or receive an .APK file from an unknown source, exercise caution and avoid clicking or downloading it

To learn more about malware scams, head over to the #JanganKenaKecam website, which is part of the efforts of ABM, AIBIM, and the banks in Malaysia.

Don't fall prey to other form of scams as well. Check out these stories:

Got some cool brand news to share?

Image via SAYS

Take a look at all of our Spotlight stories to date here

Catch up on the latest brand buzz in Malaysia: