Lam said the apps, planted with the Trojan virus, impersonated businesses such as banks, financial institutions, media players, and dating and camera apps.

He revealed that 192 of the servers were in the city and cybercriminals kept switching to different ones in Hong Kong and abroad to avoid detection.

The Post learned that the registered subscribers for the servers were individuals in mainland China, the Philippines and Cambodia who had set up their accounts online.

According to police, hackers sent phishing SMS messages that appeared to be from official sources and directed recipients to click on a link.

Hong Kong police arrest 13 syndicate suspects for laundering HK$168 million

Clicking on the link would result in the bogus apps being downloaded into the recipients’ smartphones, allowing the hackers to steal their victims’ personal information such as bank account and credit card details, phone contacts and photographs.

Such data would be sent to the servers in Hong Kong and elsewhere before being transferred to another 153 overseas.

Superintendent Wilson Fan Chun-yip, also from the cybercrime bureau, said the criminals could use the stolen data to transfer money from the victims’ accounts and shop online.

He said the hackers could read all text messages and emails, listen to audio recordings and track people’s locations, and could even turn on their victims’ smartphones to eavesdrop on conversations and take photographs secretly.

Police arrest 56 for scamming HK$7 million out of Hong Kong and Macau residents

The investigation revealed that the servers stored personal data stolen from 519 phones belonging to people in different countries, mostly Japan and South Korea. None of the victims lived in Hong Kong, police said.

“We believe it was an overseas-based syndicate that made use of the city’s internet network to carry out its illegal activities,” Lam said.

No arrests were made in the city, but police identified some suspects and passed their information to related overseas enforcement agencies via Interpol.

“We believe the syndicate ceased its illegal operations after the joint operation with Interpol,” he said.

Meanwhile, Hong Kong police dealt with 473 phishing attacks in the first 10 months of last year, involving financial losses of HK$8.9 million (US$1.1 million). The biggest loss in a single case was HK$170,000.

There were 18,660 reports of cybercrimes over that period, up two-fifths from 13,163 cases in the same period of 2021. The amount victims reported lost rose by almost a tenth to HK$2.65 billion.

Hong Kong saw a sevenfold increase in technology-based crimes in the decade from 2011 to 2021.

Cybercrime reports jumped from 2,206 in 2011 to 16,159 in 2021, while the amount of money leapt 20 times to HK$3.02 billion in 2021.

HK$9.64 million love scam: ‘cancer patient in Poland’ dupes Hong Kong woman

Police urged the public to stay alert and avoid connecting to any suspicious websites or mobile apps via hyperlinks embedded in emails or text messages, and to only download applications from official app stores.

Anyone who receives suspicious calls or comes across online sellers, friend requests, job advertisements and investment websites, can use the Scameter to check the risks.