 SMSSpy campaign Android Malware, targeting eight Malaysian banks

TSJLA
post Jun 11 2022, 10:26 AM, updated 4y ago

Look at all my stars!!
*******
Senior Member
2,799 posts

Joined: May 2008
.. the malware has been targeting only Malaysia – both the e-shops it impersonates and the banks whose customers’ credentials it is after are Malaysian, and the prices in the applications are all displayed in the local currency, the Malaysian Ringgit.


All seven websites impersonated services that are only available in Malaysia: six of them, Grabmaid, Maria’s Cleaning, Maid4u, YourMaid, Maideasy and MaidACall, offer cleaning services, and the seventh is a pet store named PetsMore.

The copycat websites do not provide an option to shop directly through them. Instead, they include buttons that claim to download apps from Google Play. However, clicking these buttons does not actually lead to the Google Play store, but to servers under the threat actors’ control. To succeed, this attack requires the intended victims to enable the non-default “Install unknown apps” option on their devices. Interestingly, five of the seven legitimate versions of these services do not even have an app available on Google Play.

... the goal of the malware operators is to obtain the banking credentials of their victims. After picking the direct transfer option, victims are presented a fake FPX payment page and asked to choose their bank out of the eight Malaysian banks provided, and then enter their credentials. The targeted banks are Maybank, Affin Bank, Public Bank Berhad, CIMB bank, BSN, RHB, Bank Islam Malaysia, and Hong Leong Bank, as seen in Figure 4.

After unfortunate victims submit their banking credentials, they receive an error message informing them that the user ID or password they provided was invalid (Figure 5). At this point, the entered credentials have been sent to the malware operators, as Figure 6 shows.

the fake e-shop applications also forward all SMS messages received by the victim to the operators in case they contain Two-Factor Authentication (2FA) codes sent by the bank


https://www.welivesecurity.com/2022/04/06/f...ndroid-malware/

MA-834.052022: MyCERT Alert - SMSSpy campaign to steal Malaysian banking user credential
https://www.mycert.org.my/portal/advisory?id=MA-834.052022


How to remove SMSSpy malware from your Android device
Also Known As: SMSSpy virus
https://www.pcrisk.com/removal-guides/23541...malware-android


Maybank Warns Customers Of Malware Scams That Can Obtain TAC Numbers
https://ringgitplus.com/en/blog/personal-fi...ac-numbers.html


TSJLA
post Jun 12 2022, 11:41 AM

Another RM3,500 deposit was stolen from the gardening mechanic and disappeared
June 12, 2022
......

He issued a statement today saying that after questioning the victim, he found some suspicious points, that is, the victim had just changed his mobile phone, and the old mobile phone was handed over to the mobile phone store staff to clear the old data and settings.

"The victim likes to watch Youtube movies, and the links sent by friends will be clicked to watch; the victim has recently installed the link application sent by friends, and it will be cleared after it is useless."
http://penang.chinapress.com.my/?p=1651274
https://penang-chinapress-com-my.translate....&_x_tr_pto=wapp


Meanwhile, a phone application expert advised the public never to download APKs, particularly from China, because users may allow the application to access the short message service (SMS) without realizing it.

He said the permission allows the APK to read and then block messages from the bank, thereby transferring money out of the victim's account.

He explained that many Chinese people have fallen victim to the scam because they downloaded applications from China that are not in the Google Playstore. –
https://malaysiagazette.com/2022/06/10/mang...i-cerita-penuh/
TSJLA
post Jun 25 2022, 09:53 AM

android > install malware app from link > make bank payment within the app > error > notification from bank
> money already gone

https://www.chinapress.com.my/?p=3016960

 
