MyCERT (Malaysia Computer Emergency Response Team) has now issued warnings and alerts to users related to the SMSSpy campaign targeting internet users in Malaysia.
Two campaigns were used in attacking local consumers to steal users ’personal banking information, and in turn stealing money on users’ accounts.
The first campaign was through disguise as an enforcement agency. The victim received a phone call from the LEA informing them that they had financial arrears for the victim’s company or were involved in a crime where a freeze of the victim’s financial account would be implemented. In this case, the victim has to pay a sum of money to cancel the freezing action and the victim is instructed to download a malicious Android application to complete the payment process.
For the second campaign, it stole the victim's personal information through fake websites and applications. Ads on Facebook are used in influencing victims to download fake apps, and in turn steal money from users.
MyCERT said as a result of the investigation, there were eight websites disguised as service providers, namely Grabmaid, Maria’s Cleaning, Maid4u, YourMaid, Maideasy, MaidACall and MyMaidKL in the field of cleaning services; and PetsMore as a pet store.
As a result, the victim lost money from the victim's bank account and the victim's personal information was also stolen.
As a precaution, people are asked to download only from official sources-and check the publisher’s info before downloading.
At the same time, do not click on adware or suspicious URLs sent via SMS service.
You are also required to constantly update applications and operating systems to the latest version. You can contact Cyber999 for any questions or assistance regarding this threat.