MyCERT warns Malaysians against malicious Android apps that steal users’ personal banking information

The Malaysian Computer Emergency Response Team (MyCERT) has warned Malaysians against cybercriminals who use malicious Android applications to target Internet users in our country. Through a campaign called ‘SMSSpy‘, these cybercriminals use malicious tactics to steal and obtain users’ private banking information.

In a advisory published on June 13, 2022, MyCERT claimed that SMSSpy was running two campaigns. The first campaign involves cybercriminals calling victims and posing as law enforcement agents to trick them into downloading a malicious Android app to allegedly “settle” their debts.


As for the second campaign, cyber criminals use phishing websites which look similar to the official website of popular services in Malaysia. Additionally, they also use Facebook Ads to promote services that look legitimate but are just a front for phishing sites. Some of the “service” sites that MyCERT has found include Grabmaid, Maria’s Cleaning, Maid4u, YourMaid, Maideasy, MaidACall, MyMaidKL, and PetsMore.

Through these phishing sites and malicious Android apps, cybercriminals can obtain personal banking information and worse, steal money from victims’ bank accounts. Therefore, be careful when downloading Android apps and make sure you only use legitimate services and websites before entering your personal data!

For more information about these rogue Android apps and other notices to ensure your online safety, visit MyCERT official website here. Also, for more new techniques like this, stay tuned to TechNave.