Albert*, a 68-year-old retiree in the Philippines, was struggling to log into the country’s Social Security System app in August last year when a man rang to offer help.
The caller said he worked for the government pension fund, the website was down for maintenance and a new app had just been rolled out.
To prove he was genuine, he sent Albert his full name, Social Security number, and home address over the Viber messaging app, followed by a link to the “new” app.
More than an hour after Albert clicked the link, the app was still installing. By the time his daughter arrived home, he could not switch his phone off.
“My daughter suspected that it was a scam. So she tried switching off my phone, but the touch screen and buttons were not working. Because my phone would not switch off, we decided to remove my SIM card. When we took out the SIM card, that was when the installation stopped,” he wrote in his testimony to the police.
The three bank accounts and two e-wallets on his Android phone had been emptied. More than 1 million pesos (US$16,600) in life savings were gone.
The spyware that drained Albert is part of a fast-rising “malware-as-a-service” (MaaS) operation that has now been tied, for the first time with firm evidence, to a specific scam compound in Cambodia, according to a report released earlier this month by US cybersecurity firm Infoblox and the Vietnamese non-profit Chong Lua Dao.
