Man jailed for teaching criminals how to use malware

Regular readers of Hot for Security will have read plenty of articles about cybercriminals who have created malware, or malicious hackers who have used malware to infect the systems of victims.

But the news this week is that a court in Singapore has jailed a man not for launching an attack himself, but instead for teaching others exactly how to do it.

As local media reports, a 49-year-old man has received a five-and-a-half year jail sentence, and fined S$3,608 (US $2,700), after admitting to creating detailed video tutorials that showed members of a criminal gang how to infect Android phones with spyware and drain their bank accounts.

Cheoh Hai Beng, a Malaysian national, was recruited by a cybercrime gang to act as an instructor rather than as a hands-on scammer. His role was to provide a step-by-step explanation of how to deploy and operate the Spymax remote access trojan (RAT) on Android devices.

Between February and May 2023, he is said to have recorded around 20 instructional videos demonstrating how the malware could be installed, controlled, and used to silently hijack control over victims' smartphones.

The videos demonstrated how to set up the Spuware malware and take advantage of its features, including remotely accessing cryptocurrency apps and capturing wallet passwords, hijacking the smartphone's camera, scooping up address books, and tracking the device's location via GPS.

Reports about Spymax go back to at least 2019, but its popularity rose during the pandemic when attackers tricked unwary members of the public into installing boobytrapped COVID-tracker apps that were poisoned with the spyware.

Spymax made it easy for remote cybercriminals to snoop on phone conversations (both voice and messages), capture authentication codes, access banking apps and even control infected devices in real time remotely. Once installed, the Spymax RAT allows fraudulent financial transactions to be made without victims being aware.

Investigators say that they found the tutorials used to train gang members were shared on criminal networks, with victims typically tricked into installing the malware through phishing messages or fake download links that posed as legitimate software or services.

According to Singaporean authorities this is the country's first prosecution specifically targeted against somebody who had taught others how to use malware. They claim that Cheoh was first introduced to spyware via an acquaintance,
Taiwanese national Lee Rong Teng, who he had become friends with in 2008 while serving a jail sentence in South Korea.

Prosecutors claim that Lee Rong Teng provided Cheoh with several versions of the spyware and asked him to learn how they functioned.

This week Cheoh Hai Beng pleaded guilty to two charges of being a member of a criminal gang and conspiring with others to use software hosted in servers to control Android mobile phones in Singapore.

Cheoh’s alleged accomplice, Lee Rong Teng, is thought to still be at large.