The Malaysia Computer Emergency Response Team (MyCERT) has recently published a security alert regarding a fake Royal Malaysia Police (PDRM) app that has been spotted in the wild. Made specifically for Android, it seems to be able to sap away money from users’ bank accounts.
However, the genesis of the infection doesn’t take place directly on users’ phones. Instead, it takes place via social engineering as it all started with a fake phone call by an individual that posses as a law enforcement officer.
According to the description by MyCERT, the scammer would then inform the victims that they have been involved in money laundering and threaten to arrest them unless they download the fake app. Once the fake app has been installed on the victim’s phone, it will try to replace the phone’s default SMS app.
After gaining access to users’ SMS service, the malicious app will then try to create bank transaction from the phone. Given the gravity of the situation, it is always important to make sure that you never download any unknown app that was sent to you via any messaging platform. Always verify such calls with respective authorities before taking any further action.