• Water Filter Malaysia
  • Lazada Sales 9.9 - 9 September 2022

Android Malware Scam – How It Works and How to Prevent

Here’s one example of Android Spyware Scam:

Victim saw the ad with special promotion, example on Facebook and clicked on the link to start a chat on Whatsapp with the scammer.

mymaid scam



https://www.youtube.com/watch?v=ArMJ8GXUUaM&t=6s


The scammer would request the victim to provide their details such as address, date and time of cleaning, etc through chat. They may also provide photos of their cleaners, mention that they are fully vaccinated with Covid-19 vaccination or even give additional discounts to attract the victims.



They will then request the victim to download an app on their website to make appointment and payment. The APK (Application Packaging Kit) file is downloaded and the victim then ran the malicious APK file that will install malware on the phone which has the codes to perform specific steps to extract the information needed. 

download apk


The victim will be prompted to Allow the app the send and view SMS messages. This is how they get access to the TAC No. for the bank transfer transaction.

allow sms permission


The victim will be directed to a fake payment gateway where the banking username and password will be sent to the Scammer’s C&C (Command & Control) Server via the malware. The fake payment page will look very similar to the real online banking login page.

maybank payment gateway



The scammer got the credentials to make the banking transaction and access to the victim’s SMS for the TAC No. verification. They can now transfer all the money out of that bank account.

money transferred




How to Prevent the SMSSpy and other Scams

  • DO NOT Download Android apps from outside of Google Play Store or other official app stores. If you do need to install Android software from a source other than the trusted marketplace, be sure that it is coming from a reputable source, read the reviews.
  • Verify an application permission and the application author or publisher before installing it.
  • Use a safer way to authorise your online banking transaction instead of SMS TAC for example SecureTAC (CIMB) or Secure2u (Maybank).

secure2u maybank


  • Do not click on adware or suspicious URL sent through SMS/messaging services. Malicious program could be attached to collect user’s information.

scareware adware

If you see pop-ups (scareware/ adware) like these, do not click on them


Sometimes the ads/ sponsored posts would disguise as download, chat or antivirus installation button. You might download a free app/ media without realizing that it contains additional software with adware. 

fake button


  • Always run a reputable anti-virus on your smartphone/mobile devices, and keep it up to date regularly. With a fee, Bitdefender and Norton provide some of the best malware protection and anti-theft features for mobile security. For FREE antivirus apps; AVG, Avast, Kaspersky, Bitdefender (FREE) are also good at detecting malicious apps. 

antivirus mobile app android

The Reviews of antivirus and mobile security apps on Google Play Store


norton 360 deluxe

Buy Norton 360 Deluxe Antivirus US$19.90

  • 3 computers or mobile devices (PC, Mac, Android or iOS) 
  • Mobile/ Computer security and protection against malware 
  • Includes VPN, Dark Web Monitoring

McAfee Total Protection – RM96.52

1 Device | 3 Year Subscription | Antivirus Internet Security Software | VPN, Password Manager & Dark Web Monitoring Included | PC/Mac/Android/iOS


  • Update the operating system and applications on smartphone/tablet, including the browser, in order to avoid any malicious exploits of security holes in out-dated versions.
  • Do not root or ‘Jailbreak’ your phone.
  • Contact relevant authorities such as MyCERT for any inquiries and assistance needed related to this threat.

Remove Malware

If you think your phone has been compromised or there’s malware on it but don’t know which app to remove, what you can do is you can enter SAFE MODE. The methods to boot up in SAFE MODE vary depending on the phone brands/ makers, for example

XIAOMI: Switch off your mobile by holding down the Power button for a few seconds. Then press the Power button for a moment to turn it on and when you see XIAOMI logo on the screen, push Volume Down to enter Safe Mode.

Samsung: First ensure the device is switched off. While continuously holding down the Volume Down key press the Power key briefly to power up the device. The device will power up in Safe mode.


In Save Mode, third party apps on your phone will be disabled (greyed), you can check and remove any apps you think are suspicious, then boot up in normal mode to inspect if problem has been fixed.

phone safe mode darkened app



Signs that you phone has been Compromised/ Infected

  • You are seeing strange pop-ups/ ads appearing all the time, example the message informing you that “Your storage space is running out”, “Clean the System Now”, etc. that don’t look like they are legit system notifications.
  • Phone battery drains faster
  • Phone is running slow or freezes frequently
  • Your device has overheating issues

To contact MyCERT (Malaysia Computer Emergency Response Team)

Email: cyber999@cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours)  
Mobile: +60 19 2665850 (24×7 call incident reporting) 
Business Hours: Mon – Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my


Source

netbytesec.com

Twitter

MyCERT

Maybank

WeLiveSecurity

consistent water filter
pure and tested best essential oil brand and type in USA and Malaysia