Maybank warns of malicious SMSSpy campaign targeting Android users in Malaysia

Victims will be told to make payment to unfreeze their accounts and instructed to download the malicious app to complete the payment process. — Photo by Gilles Lambert on Unsplash

PETALING JAYA: Maybank has released an alert urging customers to refer to an advisory by the Malaysia Computer Emergency Response Team (MyCert) about the latest fraud campaign, known as SMSSpy, which is targeting Internet users in the country.

According to MyCert, cybercriminals are using the Android malware to steal victims’ online banking credentials.

“Once installed, this malicious app is able to view any SMS sent to the mobile phone, which includes obtaining TAC numbers to perform Internet banking transactions,” Maybank said in the post on Facebook.

ALSO READ: Bank scams increasingly targeting mobile users, says cybersecurity firm

A report by cybersecurity research firm WeLiveSecurity claimed that SMSSpy targeted Malaysian users exclusively when it was first identified in late 2021. It added that a campaign was launched to target customers of popular banks in Malaysia by exploiting the trend of online shopping via smartphones.

“Instead of phishing for banking credentials on websites, the threat actors have introduced Android applications into the chain of compromise, thus making sure they have access to 2FA (two-factor authentication) SMS messages the victim is likely to receive,” WeLiveSecurity said in its report.

To convince users to download the malicious app, MyCert said cybercriminals will typically pose as a person from a law enforcement agency and call victims to inform them that they have been involved in a criminal activity and that their accounts will be frozen.

ALSO READ: 75-year-old in SG lost S$1mil in China officials impersonation scam

The victim will then be told to pay a sum of money to unfreeze their accounts, and thus instructed to download the malicious app to complete the payment process.

MyCert added that cybercriminals are also deploying fake websites impersonating legitimate companies and placing ads on Facebook to persuade potential victims to visit these malicious websites, which aim to trick potential victims into both downloading the malicious Android malware and divulging their personal banking information.

According to MyCert, all eight fake websites impersonated services only available in Malaysia to target victims, namely Grabmaid, Maria's Cleaning, Maid4u, YourMaid, Maideasy, MaidACall, MyMaidKL and Petsmore.

To avoid financial losses and disclosure of personal data, MyCert urged smartphone users to always verify an application’s permissions and the app’s author or publisher before installing it, and to never click on suspicious links sent via SMS or messaging services.

Users should also only download apps from a trusted app marketplace and ensure their device’s operating system and apps are updated regularly. They are also urged to contact Cyber999 for any enquiries or assistance related to this threat.

Article type: free
User access status:
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Next In Tech News

U.S. says it 'hacked the hackers' to bring down ransomware gang
Sony's gaming chief met EU's Vestager on Microsoft's Activision deal -source
U.S. lawsuit against Google could benefit Apple and others
Royal mail resumes more services after cyber incident
U.S. Treasury, financial watchdogs, companies among FTX creditors, filing shows
Industry body clarifies what happens when crypto derivatives crash
With eyes on FTX bankruptcy, U.S. regulator seeks more due diligence authority
Mobileye expects smooth ride in 2023 as customers lap up autonomous tech
Japan's Suzuki to invest $35 billion through 2030 in EVs
Dutch central bank fines cryptocurrency exchange Coinbase 3.3 million euros

Others Also Read