The scammers will prompt victims to download an unauthorised APK which will give them access to fully control your device.

Screen grab from RHB Group, devan_raman_combatscam, Sin Chew Daily

A Malaysian woman had her phone hacked and RM5,000 transferred out when she downloaded an APK sent by scammers posing as a Nyonya kuih seller.

The victim clicked a link on Facebook which led her to WhatsApp chat with the supposed Nyonya kuih seller.

The ‘seller’ video called the woman to teach her how to install the APK to make Nyonya kuih order.

After installing the APK, she noticed her phone had been linked to other devices and could not disconnect it. The woman was on high alert now. She promptly requested to use her daughter’s laptop to check her banking account, only to discover that RM5,000 had already been withdrawn.

In a similar case reported by Sin Chew Daily, a senior citizen was scammed of RM3,000 when his device was hacked after downloading the Nyonya kuih app.

The incident unfolded in Petaling Jaya, where social media users are increasingly exposed to targeted advertisements. Similarly, a scam syndicate used the lure of selling Nyonya kuih to entice internet users into clicking an ad and placing an order.

Unbeknownst to the victim, the seemingly harmless interaction triggered a breach of his mobile phone’s security. Hackers subsequently gained access to his device and swiftly transferred RM3,000 from his bank account, leaving him shocked and out of pocket.

How the scam works

According to reports, the fraudulent advertisement was designed to look like a legitimate online purchase opportunity, complete with product images and ordering prompts — a tactic that has become increasingly common on social media platforms. Downloading unauthorised APKs will allow malware or spyware to infiltrate the victim’s phone, giving hackers access to his personal and financial information.

RHB Group posted a video in 2024 explaining the scam. Scammers would tell the victims that they need to download the app to browse through the menu and make payment. Once the unsuspecting victim downloads the APK, and clicks “Allow” for the app to control their device, the scammers would then have full control of the victim’s phone and proceed to transfer money from their bank apps. They noted that the scammer will sound very friendly and helpful to gain your trust.

How to protect yourself from scams

  • Always make sure you only install official apps from Google Play Store or Apple App Store.
  • Be alert of ads that redirect to unknown or unsecured websites (always check if the website has security certificates like https://)
  • Do not respond to requests for personal or banking information
  • Do not give your one-time-password (OTP) to anyone
  • Do not click on suspicious links

Follow Wah Piang for more.