The Malaysia Computer Emergency Response Team (MyCERT) has warned Malaysians of cybercriminals that are using malicious Android apps to target internet users in our country. Through a campaign called ‘SMSSpy’, these cybercriminals are utilising mischievous tactics to steal and obtain users’ private banking information.
In an advisory posted on 13 June 2022, MyCERT asserted that SMSSpy are exerting two campaigns. The first campaign involves the cybercriminals calling victims and posing as law enforcement officers to trick them into downloading a malicious Android app to allegedly ‘settle’ their outstanding payments.
As for the second campaign, the cybercriminals use phishing websites that look similar to the official website of popular services in Malaysia. Furthermore, they are also utilising Facebook ads to promote services that look legitimate but are merely a front for phishing sites. Among the ‘services’ sites that MyCERT has found include Grabmaid, Maria’s Cleaning, Maid4u, YourMaid, Maideasy, MaidACall, MyMaidKL and PetsMore.
Through these phishing sites and malicious Android apps, the cybercriminals are able to obtain personal banking information and worse, steal money from the victims’ bank accounts. Hence, do be careful when downloading Android apps and make sure to only use legitimate services and websites before keying in your personal data!
For more information on these malicious Android apps and other advisories to keep you safe online, do visit MyCERT’s official website here. Moreover, for more tech news such as this, do stay tuned to us at TechNave.