Maybank warns of malicious SMSSpy campaign targeting Android users in Malaysia


PETALING JAYA: Maybank has issued an alert urging customers to refer to an advisory by the Malaysia Computer Emergency Response Team (MyCert) concerning the latest fraud campaign, commonly known as SMSSpy, which is targeting Internet users in the country.

According to MyCert, cybercriminals are using the Android malware to steal victims’ online banking credentials.

“Once installed, this malicious app is able to view any SMS sent to the mobile phone, which includes obtaining TAC numbers to perform Internet banking transactions,” Maybank said in the post on Facebook.

A report by cybersecurity research firm WeLiveSecurity claimed that SMSSpy targeted Malaysian users exclusively when it was first identified in late 2021. It added that a campaign was launched to target customers of popular banks in Malaysia by exploiting the trend of online shopping via smartphones.

“Instead of phishing for banking credentials on websites, the threat actors have introduced Android applications into the chain of compromise, thus making sure they have access to 2FA (two-factor authentication) SMS messages the victim is likely to receive,” WeLiveSecurity said in its report.

To persuade users to download the malicious app, MyCert said cybercriminals will sometimes pose as someone from a law enforcement agency and call victims to tell them that they have been involved in criminal activity and that their accounts will be frozen.

The victim will then be told to pay a sum of money to unfreeze their accounts, and then instructed to download the malicious app to complete the payment process.

MyCert added that cybercriminals are also deploying fake websites impersonating legitimate companies and placing advertisements on Facebook to persuade potential victims to visit these malicious websites, which aim to trick potential victims into both downloading the Android malware and divulging their personal banking information.

According to MyCert, all eight fake websites impersonated services only available in Malaysia to target victims, namely Grabmaid, Maria’s Cleaning, Maid4u, YourMaid, Maideasy, MaidACall, MyMaidKL and Petsmore.

To avoid financial losses and disclosure of personal data, MyCert urged smartphone users to always verify an application’s permissions and the app’s author or publisher before installing it, and to never click on suspicious links sent via SMS or messaging services.

Users should also only download apps from a trusted app marketplace and ensure their device’s operating system and apps are updated regularly. They are also urged to contact Cyber999 for any enquiries or assistance related to this threat.
