SINGAPORE: In a first for Singapore, a 49-year-old Malaysian man who taught members of a syndicate how to use malware that caused millions in losses to over a hundred Singaporeans has been prosecuted.
On Tuesday (Dec 9), Cheoh Hai Beng was slapped with a five-and-a-half-year jail sentence and fined S$3,608. According to a CNA report, he entered a guilty plea to two charges of being a member of a criminal syndicate as well as conspiring with others to use software that controlled Android phones in the city-state, with another charge considered in his sentencing.
Because of his actions, a total of 129 Singaporeans lost around S$3.2 million when scammers gained access to their phones and made unauthorised bank transfers.
Cheoh was first introduced to the scheme by a Taiwanese man named Lee Rong Teng, whom he first met in jail in South Korea. While staying with Lee in 2023 in the Dominican Republic, Lee spoke to Cheoh about software that lets a person “spy” on another’s phone. He then had the Malaysian man learn the software, known as “Spymax” malware, specifically meant for installation in Android phones, and then make video tutorials so others could learn it as well.
The malware allows another person to control the phone remotely, giving them access to its apps unbeknownst to or without permission from its owner.
According to CNA, Cheoh was aware of what the malware could do and that he had overheard Lee and a Malaysian “business partner” about using it in order to scam victims in Singapore.
The report noted that Cheoh had been reluctant to make the videos at first, but that Lee threatened to publish a video of Cheoh demonstrating the malware. Lee also promised to pay him.
Cheoh then recorded tutorial videos showing how Spymax malware worked from February to April 2023. These videos instructed viewers how to set up the malware, how to access cryptocurrency applications and the passwords of crypto wallets, determine a phone’s location via GPS, and other functions. Lee then distributed these videos to others.
After he returned to Malaysia from the Dominican Republic, Cheoh continued to make more videos for Lee, for whom he made at least 20 in total. Lee paid him US$1,700 for the videos.
There were at least 129 victims in Singapore whose phones were installed with the malware by syndicate members. They lost at least S$3,197,974.24 when their bank accounts were accessed.
The Royal Malaysian Police, who had worked with Singapore’s Technology Crime Investigation Bureau of the Criminal Investigation Department, arrested Cheoh in Penang on June 12, 2024, in connection with the malware-enabled scams. /TISG
