
Fake Wedding Invitations Used to Hack Phones in Southeast Asia

 



Cybercriminals have found a new way to trick smartphone users: fake wedding invitations. According to cybersecurity researchers, a newly discovered malware named Tria is being used to infect Android devices, primarily in Malaysia and Brunei. The attackers disguise malicious links as wedding invitations and send them via WhatsApp and Telegram to unsuspecting victims.

Once a user clicks the link and downloads the application, the malware starts working silently in the background, stealing sensitive personal information.  


How the Malware Works  

This cyberattack has been active since mid-2024. It follows a simple but effective strategy:  

1. The hackers send a fake wedding invitation through group or private chats.  

2. The invitation asks recipients to download an app to access event details.  

3. Once installed, the app secretly collects private information from the victim’s phone.  

The stolen data includes:  

  • Text messages (SMS)  
  • Emails from accounts like Gmail and Outlook 
  • Call history  
  • Messages from apps like WhatsApp and WhatsApp Business  


Cybersecurity experts warn that this stolen data can be used in several ways, including:  

1. Hijacking banking accounts  

2. Resetting passwords for email and social media  

3. Taking over messaging apps to send fraudulent messages  


Why Hackers Want Control of Your Messaging Apps  

One of the biggest concerns is that hackers aim to take control of WhatsApp and Telegram accounts. Once they gain access, they can:  

  • Send malicious links to more people, spreading the malware further.  
  • Pretend to be the victim and ask contacts for money.  
  • Steal private conversations and sensitive business information.  


To process the stolen data, cybercriminals use Telegram bots, automated systems that collect and sort the information.  

  • One bot gathers data from messaging apps and emails.  
  • Another bot handles SMS messages.  

The exact group responsible for this attack is unknown, but cybersecurity researchers suspect that the hackers speak Indonesian. They have not been linked to any specific organization yet.  


Similarities to Previous Attacks  

This type of scam is not entirely new. In 2023, cybersecurity experts discovered a malware campaign called UdangaSteal, which targeted users in Indonesia, Malaysia, and India.  

1. UdangaSteal also used fake invitations and job offers to trick victims.  

2. It mainly focused on stealing SMS messages.  

However, Tria is more advanced because it collects a wider range of data, including emails and instant messaging conversations.  


How to Protect Yourself  

Cybersecurity experts recommend taking extra precautions to avoid falling victim to such scams:  

1. Be cautious of unexpected messages, even from known contacts.  

2. Never download apps from links shared in messaging apps.  

3. Use official app stores (Google Play Store) to download apps.  

4. Enable two-factor authentication (2FA) for your accounts.  

5. Verify invitations by calling or messaging the sender directly.

As online scams grow more intricate, staying vigilant is the best way to protect your personal data. If something seems too unusual or suspicious, it’s best to ignore it.

Why AI-Driven Cybercrime Is the Biggest Threat of 2025

 


AI in Cybercrimes: Rising Threats and Challenges

Kuala Lumpur: The increasing use of artificial intelligence (AI) in cybercrimes is becoming a grave issue, says Datuk Seri Ramli Mohamed Yoosuf, Director of Malaysia's Commercial Crime Investigation Department (CCID). Speaking at the Asia International Security Summit and Expo 2025, he highlighted how cybercriminals are leveraging AI to conduct sophisticated attacks, creating unprecedented challenges for cybersecurity efforts.

"AI has enabled criminals to churn through huge datasets with incredible speed, helping them craft highly convincing phishing emails targeted at deceiving individuals," Ramli explained. He emphasized how these advancements in AI make fraudulent communications harder to identify, thus increasing the risk of successful cyberattacks.

Rising Threats to Critical Sectors

Ramli expressed concern over the impact of AI-driven cybercrime on critical sectors such as healthcare and transportation. Attacks on hospital systems could disrupt patient care, putting lives at risk, while breaches in transportation networks could endanger public safety and hinder mobility. These scenarios highlight the urgent need for robust defense mechanisms and efficient response plans to protect critical infrastructure.

One of the key challenges posed by AI is the creation of realistic fake content through deepfake technology. Criminals can generate fake audio or video files that convincingly mimic real individuals, enabling them to manipulate or scam their targets more effectively.

Another area of concern is the automation of phishing attacks. With AI, attackers can identify software vulnerabilities quickly and execute precision attacks at unprecedented speeds, putting defenders under immense pressure to keep up.

Cybercrime Statistics in Malaysia

Over the past five years, Malaysia has seen a sharp rise in cybercrime cases. Between 2020 and 2024, 143,000 cases were reported, accounting for 85% of all commercial crimes during this period. This indicates that cybersecurity threats are becoming increasingly sophisticated, necessitating significant changes in security practices for both individuals and organizations.

Ramli stressed the importance of collective vigilance against evolving cyber threats. He urged the public to be more aware of these risks and called for greater investment in technological advancements to combat AI-driven cybercrime.

"To the extent cybercriminals will become more advanced, we can ensure that people and organizations are educated on how to recognize and deal with these challenges," he stated.

By prioritizing proactive measures and fostering a culture of cybersecurity, Malaysia can strengthen its defenses against the persistent threat of AI-driven cybercrimes.

The Fake E-Shop Scam Campaign Sweeping Southeast Asia, Seizing Users' Banking Details

 

In recent years, cybercriminals have been increasingly employing sophisticated tactics to target individuals and organizations across the globe. One such alarming trend is the proliferation of fake e-shop scam campaigns, particularly prevalent in Southeast Asia. 

These campaigns, characterized by their deceptive methods and malicious intent, pose significant threats to cybersecurity and personal privacy. The emergence of the fake e-shop scam campaign targeting Southeast Asia dates back to 2021, with a notable surge in activity observed by cybersecurity researchers in September 2022. 

Initially concentrated in Malaysia, the campaign swiftly expanded its operations to other countries in the region, including Vietnam and Myanmar. This expansion underscores the growing sophistication and reach of cybercriminal networks operating in Southeast Asia. At the heart of these malicious campaigns are phishing websites designed to deceive unsuspecting users. 

These websites often masquerade as legitimate e-commerce platforms or payment gateways, luring victims into providing sensitive information such as login credentials and banking details. Once users are enticed to visit these fraudulent sites, they are exposed to various forms of malware, including malicious Android applications packaged as APK files. 

The modus operandi of the attackers involves social engineering tactics, with cybercriminals leveraging popular communication platforms like WhatsApp to initiate contact with potential victims. By impersonating cleaning services or other seemingly innocuous entities on social media, the perpetrators exploit users' trust and curiosity, leading them to engage in conversations that ultimately result in malware infection. 

The malware deployed in these fake e-shop scam campaigns is multifaceted and constantly evolving to evade detection and maximize its impact. Initially focused on stealing login credentials for Malaysian banks, including prominent institutions like Hong Leong, CIMB, and Maybank, the malware has since incorporated additional functionalities. These include the ability to take screenshots, exploit accessibility services, and even facilitate screen sharing, granting the attackers unprecedented control over infected devices. 

Furthermore, the attackers have demonstrated a keen understanding of the linguistic and cultural nuances of their target regions. In Vietnam, for example, the campaign specifically targeted customers of HD Bank, employing phishing websites tailored to mimic the bank's online portal and language. Similarly, in Myanmar, the attackers utilized Burmese language phishing pages to enhance the credibility of their schemes among local users. 

The implications of these fake e-shop scam campaigns extend beyond financial losses and reputational damage. They represent a direct assault on user privacy and cybersecurity, with far-reaching consequences for individuals and businesses alike. The theft of sensitive personal and financial information can lead to identity theft, unauthorized transactions, and even ransomware attacks, resulting in significant financial and emotional distress for victims. 

In response to these evolving threats, cybersecurity experts emphasize the importance of proactive measures to safeguard against malicious activities. This includes exercising caution when interacting with unfamiliar websites or online advertisements, regularly updating antivirus software, and staying informed about emerging cybersecurity threats. 

Ultimately, combating the scourge of fake e-shop scam campaigns requires collective action and collaboration among stakeholders across the cybersecurity ecosystem. By raising awareness, implementing robust security measures, and fostering a culture of cyber resilience, we can mitigate the risks posed by these insidious threats and protect the integrity of our digital infrastructure.

Malaysia Takes Bold Steps with 'Kill Switch' Legislation to Tackle Cyber Crime Surge



In a concerted effort to strengthen online safety and tackle the growing issue of cybercrime, the Malaysian government is taking steps to enhance digital security. This includes the introduction of a powerful "kill switch" system, a proactive measure aimed at strengthening online security. Minister in the Prime Minister's Department, Datuk Seri Azalina Othman Said, emphasised the urgency for this new act during the inaugural meeting of the Working Committee on the Drafting of New Laws related to Cybercrime.

The proposal is Malaysia's response to the challenges posed by evolving technology and the surge in online fraud. The proposed legislation seeks not only to bridge the gap between outdated laws and current cyber threats but also to establish an immediate response mechanism, the "kill switch", capable of swiftly countering fraudulent activities across various online platforms in the country.

Azalina pointed out that existing laws have fallen out of step with the rapid pace of technological advancements, leading to a surge in online fraud due to inadequate security measures on various platforms. The new legislation aims to rectify this by not only introducing the innovative kill switch but also considering amendments to other laws such as the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001, the Penal Code, and the Criminal Procedure Code. These amendments aim to empower victims of scams to recover their funds, a critical aspect of the fight against cybercrime.

This legislative endeavour is not isolated but represents a collaborative effort involving multiple government agencies, statutory bodies, and key ministers, including Communications Minister Fahmi Fadzil and Digital Minister Gobind Singh Deo. Their collective focus is on modernising legislation to align with the ever-evolving digital culture, with specific attention given to the challenges posed by artificial intelligence (AI).

Building on the commitment announced in December of the previous year, Azalina highlighted the government's proactive stance in combating online criminal activities. This involves a collaboration with the Legal Affairs Division and the National Anti-Financial Crime Centre (NFCC), intending to bring clarity to the matter through a dual approach of amending existing laws and introducing new, specific legislation.

To ensure a thorough and inclusive approach, the government, in partnership with academicians, is embarking on a comprehensive three-month study. This involves comparative research and seeks public input through consultations, underscoring the government's dedication to bridging the gap between outdated laws and the contemporary challenges posed by cybercrime.

Malaysia is demonstrating a proactive and comprehensive response to the growing environment of cyber threats. Through the introduction of a "kill switch" and amendments to existing legislation, the government is taking significant steps to modernise laws and enhance digital safety for its citizens.


Android App Posing as a Housekeeping Service Steals Malaysian Users' Bank Credentials

 

A bogus Android app poses as a housekeeping service to obtain online banking passwords from clients of eight Malaysian banks. The fraudulent APK, 'Cleaning Service Malaysia,' is promoted through multiple fake or cloned websites and social media profiles.

This software was discovered by MalwareHunterTeam last week and was then investigated by Cyble researchers, who provided thorough information on the app's dangerous activity. 

When users install the app, they are asked to grant at least 24 permissions, including the dangerous RECEIVE_SMS permission, which allows the app to observe and read any SMS message received on the phone.

The app abuses this privilege to intercept SMS messages and collect one-time passwords and MFA codes for e-banking services, which are then forwarded to the attacker's server. When the infected app is launched, it displays a form asking the user to schedule a house cleaning service. After entering their cleaning service details (name, address, phone number) into the bogus app, the user is asked to select a payment option.

This step displays a list of Malaysian banks and internet banking options, and if the victim clicks on one, they are directed to a phony login page designed to look like the real one.

Every login page is hosted on the actor's server; however, the victim seems to have no means of knowing this from within the app's interface. Any banking information entered in this phase is sent straight to the attackers, who can use it in conjunction with an intercepted SMS code to get access to the victim's e-banking account.

The low follower count and recent creation date of the social media profiles that promote these APKs are apparent indicators of fraud. 

An additional problem is a mismatch in the contact information provided. Because the majority of the decoy sites chose legitimate cleaning services to impersonate, variations in phone numbers or email addresses are a major red flag. The requested privileges also signal that something is wrong, because a cleaning service app has no logical reason to request access to a device's texts.

To reduce the risk of falling prey to this type of phishing attempt, download Android apps only from the official Google Play Store.

Moreover, always review the permissions an app requests, and do not install an app that requests more permissions than its functionality requires.

Finally, keep the device up to date by installing the most recent security updates and employing a trusted vendor's mobile security solution.
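
The permission check described above, as an added example that is not part of the original post or the researchers' tooling: it reads an AndroidManifest.xml that has already been decoded to text and lists the sensitive permissions the app's stated purpose does not justify. The sample manifest, its package name and the `justified` parameter are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Android permissions that expose the kinds of data these posts describe being stolen.
SENSITIVE = {
    "android.permission.RECEIVE_SMS": "intercepts incoming SMS (OTP/MFA codes)",
    "android.permission.READ_SMS": "reads stored SMS",
    "android.permission.READ_CALL_LOG": "reads call history",
    "android.permission.READ_CONTACTS": "reads the contact list",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "service can read and drive the screen",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "reads other apps' notifications",
}

def audit_manifest(xml_text, justified=frozenset()):
    """Return (permissions_requested, findings) for a decoded AndroidManifest.xml.

    justified: sensitive permissions the app's stated purpose really needs.
    """
    root = ET.fromstring(xml_text)
    requested = [e.get(ANDROID + "name") for e in root.iter("uses-permission")]
    # Accessibility and notification access are declared on <service>,
    # not through <uses-permission>, so collect those separately.
    bound = [s.get(ANDROID + "permission") for s in root.iter("service")]
    findings = []
    for perm in sorted(set(requested + bound) - {None}):
        if perm in SENSITIVE and perm not in justified:
            findings.append((perm, SENSITIVE[perm]))
    return len(requested), findings

# Constructed sample: a "cleaning booking" app that also asks for SMS access.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.cleaningbooking">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application>
    <service android:name=".Helper"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    total, findings = audit_manifest(SAMPLE_MANIFEST)
    print(f"{total} permissions requested, {len(findings)} unjustified and sensitive:")
    for perm, why in findings:
        print(f"  {perm}: {why}")
```

The manifest inside an APK is stored as binary XML, so it has to be decoded to text (for example with apktool) before this function can parse it.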