Alert on SMSSpy Campaign
04 Aug 2022
According to Malaysia's CyberSecurity Emergency Response Team (MyCERT), malicious actors are targeting Malaysians who use Android phones. The SMSSpy campaign is centred on a malicious application that can view any SMS received by the infected device. This includes the TAC number used to validate online banking transactions.

To trick their victims into installing the malicious application, the campaign's perpetrators use tactics such as posing as law enforcement agents, creating fake websites, and posting fake cleaning service ads on Facebook. 

We advise online banking customers who are using Android devices to be wary of such scams and to remain vigilant. As such we strongly advise users to:

  1. VERIFY application permission and the application author or publisher before installing it.
  2. DON’T sideload application or install .apk files from unknown and unofficial sources.
  3. DON’T click on any link or suspicious URLs sent through SMS, Whatsapp, or any other messenger services.
  4. INSTALL a reputable anti-virus app on your devices and update it regularly.
  5. UPDATE your device’s operating system and applications regularly.
  6. DON’T root or ‘Jailbreak’ your phone.