ANNOUNCEMENT

Introduction

The National Cyber Security Agency (NACSA), National Security Council (NSC) through the National Cyber Coordination and Command Centre (NC4) has been informed of a malicious Android mobile app and a fraudulent website (http://malaysiagovermentapp.com) claiming to be from the Perdana Menteri Malaysia for the purposes of COVID-19 aid programme.

Impact

Identity theft and financial loss.

Brief Description

From our analysis, the malicious Android app is being used to trick victims into submitting their internet banking details, which will then be uploaded to a different website. It is observed that the Android app also has the capability to read mobile phone SMSes, which may be used to steal victim online banking credentials and TAC codes for Internet banking.

Recommendation

The NC4 would like to remind the public to not access or install any suspicious links or applications that are not in the Google Play Store or the Manufacturer’s App Stores such Apple AppStore, Huawei AppGallery, and Samsung Galaxy Store. It is also advised for the public to take the following actions:

1. DO NOT click on any links from unsolicited SMSes;
2. If you have clicked on the link, DO NOT download the Android app;
3. Make sure to download any apps from the official Google Play Store or Manufacturers' App Store;
4. Any official SMS sent by MKN on COVID-19 will be automatically tagged as “MKN” by the telco and doesn’t provide any number for reply; and
5. Any official information and advisory regarding COVID-19 will be distributed ONLY on MKN official social media accounts as below:
1. Telegram : https://t.me/MKNRasmi
2. Facebook : https://fb.me/MajlisKeselamatanNegara
3. Twitter : https://twitter.com/mknjpm
4. Website : https://www.mkn.gov.my

Appendix

Figure 1: The fake website for the Android Malware.

Figure 2: The Android Malware Main App.

Figure 3: The Android Malware App Requesting Bank Info.

Figure 4: The Android Malware App Requesting Bank Credential.

02-04-2020