MyCERT Alert – PDRM Malicious APK

MyCERT has received a considerable number of reports from financial institutions that their customers’ smartphones were infected with malware through a recent phishing campaign.

In each case, the scammer first posed as a law enforcement officer and made several calls to the victim, claiming that the victim had been involved in money laundering. The scammer then threatened to have a warrant issued for the victim’s arrest, pressuring them to download and install an unknown application. The malicious download URL was delivered by SMS, or dictated over the phone if the victim failed to follow the SMS. Subsequently, the victims found that money had been transferred out of their bank accounts without their consent.

2.0 Impact

• Victims suffer monetary loss through non-consented transactions.
• Disclosure of personal information to scammers or unknown parties may fuel similar scam campaigns in future.

3.0 Modus Operandi

When the victim opens the given link in a mobile browser, a web page bearing the PDRM logo is displayed. The victim is instructed to tap the logo to download an app, and is then directed to install it on the device.

Once installed and opened, the application sets itself as the default messaging application, replacing the phone’s official messaging app. It also runs as a service rather than a normal application, so it does not appear in the application list.

The application requests several permissions that give it broad access to the victim’s smartphone. In the snapshot, the app requests permission to read and send SMS. We suspect the app initiates transactions from the phone and reads the victim’s TAC code to complete online banking transactions.
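As an added example (not part of the MyCERT advisory), the Python check below reads a decoded AndroidManifest.xml (as produced by apktool) and flags the combination of traits described above: SMS permissions, a receiver for the SMS_DELIVER action (which an app must declare to become the default SMS app), and a background service. The embedded manifest is constructed to resemble that behaviour and is not the real sample; the package and class names are placeholders.

```python
"""Triage check for the SMS-stealer traits described in the advisory (constructed example)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"  # ElementTree form of the android:name attribute

# Permissions that let an app read TAC codes and send SMS on the user's behalf.
SMS_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
}
# Since Android 4.4 an app must handle this action to be eligible as default SMS app.
DEFAULT_SMS_ACTION = "android.provider.Telephony.SMS_DELIVER"


def triage_manifest(manifest_xml: str) -> dict:
    """Return the traits found in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    perms = {el.get(NAME) for el in root.iter("uses-permission")}
    sms_perms = sorted(perms & SMS_PERMISSIONS)
    receivers = list(app.iter("receiver")) if app is not None else []
    # Any receiver handling SMS_DELIVER marks a default-SMS-app candidate.
    claims_default_sms = any(
        act.get(NAME) == DEFAULT_SMS_ACTION
        for recv in receivers
        for act in recv.iter("action")
    )
    services = [s.get(NAME) for s in app.iter("service")] if app is not None else []
    traits = {
        "sms_permissions": sms_perms,
        "claims_default_sms_app": claims_default_sms,
        "services": services,
    }
    # Flag only the combination the advisory describes, not any single trait alone.
    traits["suspicious"] = bool(sms_perms) and claims_default_sms and bool(services)
    return traits


# Constructed manifest resembling the described behaviour (placeholder names).
SAMPLE_MANIFEST = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.example.fakepdrm">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="PDRM">
    <receiver android:name=".SmsReceiver" android:permission="android.permission.BROADCAST_SMS">
      <intent-filter><action android:name="{DEFAULT_SMS_ACTION}"/></intent-filter>
    </receiver>
    <service android:name=".ForwardService"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```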

4.0 Recommendations

4.1 If you receive such a scam phone call impersonating a local law enforcement agency, you can immediately:

1. Contact the respective law enforcement agency for verification.
2. Report the incident to MyCERT for incident response.
3. Forward the malicious application to Cyber999 for further analysis.
4. Ignore the phone calls and never follow any instruction given.

4.2 For Smartphone Users:

1. Verify an app’s permissions and its author or publisher before installing it.
2. Do not click on adware or suspicious URLs sent through SMS/messaging services. A malicious program could be attached to collect the user’s information.
3. Since URLs on a mobile site appear differently from those in a desktop browser, make sure to verify them first.
4. Always run a reputable anti-virus on your smartphone/mobile devices, and keep it up to date.
5. Don’t use public Wi-Fi networks for bank transactions, and turn off Bluetooth when not in use. These can be open windows for eavesdroppers to intercept the transaction or install spyware and other malware on the user’s smartphone/tablet.
6. Update the operating system and applications on your smartphone/tablet, including the browser, to avoid exploitation of security holes in outdated versions.
7. Do not root or otherwise ‘jailbreak’ your phone.
8. Avoid sideloading (installing from non-official sources) when you can. If you do install Android software from a source other than the Market, be sure that it comes from a reputable source.

Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies when determining which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: or
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442
Mobile: +60 19 2665850 (24×7 call incident reporting)
Business Hours: Mon – Fri 09:00–18:00 MYT

Cyber999 Mobile Apps: iOS Users or Android Users

Read More At…/2017/main/detail/1293/index.html
