📃Title: MA-834.052022: MyCERT Alert - SMSSpy campaign to steal Malaysian banking user credential
📅Date: 2022-06-07
🔗References:
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: campaign-analysis
- target: targeted
- MY-relevancy: relevant
🔖MISP Galaxies:
- target-information="Malaysia"
- financial-fraud="Fake App"
- financial-fraud="Fake Website"
- producer=4a61b42d-e3f0-4964-9d88-4aa96e24c31d
- mitre-attack-pattern=['T1476', 'T1412']
MISP event uuid: 145ab1a4-7880-4eb5-91f8-dd900a76997a
Indicators of Compromise (IoCs)
type,value,comment
md5,de2d81f884568834154507ecd0898bcc,'LEA campaign'
md5,de5b6c66efd0b520845d4a7e926e85aa,'LEA campaign'
md5,59939ecc0db40e4db79dd0078a829f2b,'LEA campaign'
md5,78c73757f0f4d53b5f010d12daa606ac,'LEA campaign'
md5,d87997a8bb6215d96f5d0e87fb487747,'LEA campaign'
md5,cb66d916831de128ccb2fcd458067a7d,'Malicious app impersonating Grabmaid service.'
md5,8183862465529f6a46aed60e1b2eae52,'Malicious app impersonating Maria’s Cleaning service.'
md5,b6845141ec0f4665a90fb16598f56fac,'Malicious app impersonating Maid4u service.'
md5,43727320e8bf756fe18db37483dad0a0,'Malicious app impersonating MaidACall service.'
md5,c51bc547a40034f4828c72f37f2f1f39,'Malicious app impersonating MaidACall service.'
md5,4bec6a07e881db1a950367beb1702ada,'Malicious app impersonating PetsMore service.'
md5,4fd6255562b2a29c974235fd21b8d110,'Malicious app impersonating PetsMore service.'
md5,c7dcbd2b7f147a6450c62a8d67207465,'Malicious app impersonating YourMaid service.'
md5,71341fc2958e65d208f2770185c61d7a,'Malicious app impersonating Maid4u service.'
md5,cf3b20173330fea53e911a229a38a4bc,'Malicious app impersonating Maideasy service.'
md5,e58ffc4e23292d80916b0e19c184cdef,'Malicious app impersonating MyMaidKL service.'
ip-dst,139.162.61.96,'LEA campaign'
ip-dst,185.244.150.159,'cleaning services campaign'
domain,token2.club,'cleaning services campaign'
ip-dst,194.195.211.26,'cleaning services campaign'
domain,grabamaid-my.online,'cleaning services campaign'
ip-dst,172.67.177.79,'cleaning services campaign'
domain,maidacalls.online,'cleaning services campaign'
ip-dst,172.67.205.26,'cleaning services campaign'
domain,petsmore.online,'cleaning services campaign'
ip-dst,172.67.174.195,'cleaning services campaign'
domain,cleangmy.site,'cleaning services campaign'
domain,my-maid4us.site,'cleaning services campaign'
domain,yourmaid.online,'cleaning services campaign'
domain,muapks.online,'cleaning services campaign'
domain,grabsapks.online,'cleaning services campaign'
ip-dst,104.21.19.184,'cleaning services campaign'
domain,grabmyapks90.online,'cleaning services campaign'
ip-dst,104.21.29.168,'cleaning services campaign'
domain,m4apks.online,'cleaning services campaign'
ip-dst,172.67.208.54,'cleaning services campaign'
domain,maid4uapks90.online,'cleaning services campaign'
ip-dst,172.67.161.142,'cleaning services campaign'
domain,grabmaidsapks80.online,'cleaning services campaign'
ip-dst,2.57.90.16,'cleaning services campaign'
domain,puapks.online,'cleaning services campaign'
ip-dst,124.217.246.203,'cleaning services campaign'
ip-dst,172.67.166.180,'cleaning services campaign'
domain,meapks.xyz,'cleaning services campaign'
url,https://api.lapubo.com,''
url,https://mymaidkl.com,''
url,https://mobile666.mymaidkl.com,''
The full IoC set is available in Rectifyq’s MISP.