By: Yasmin Damia Rizal
In Malaysia, data breaches have become a major contributor to the increasing number of scam cases affecting both individuals and businesses.
When personal data such as names, identification numbers, phone numbers, bank details, and home addresses are leaked due to cyberattacks, insider misuse or weak data protection practices, the information often ends up in the hands of criminal networks.
Scammers exploit this stolen data to carry out various forms of fraud including phishing emails, scam calls, fake investment schemes, identity theft and online impersonation.

ANDROID PACKAGE KIT (APK) FILE ATTACKS ON DEVICES
According to Ahmad Azman Adlan, 52, an ethical hacker and cybersecurity instructor who serves as a Subject Matter Expert (SME) in hacking and digital security, the most common cause of account compromise is the installation of malicious Android Package Kit (APK) files.
Based on more than 10,000 cases he has handled, APK-based attacks remain the primary method used by hackers, particularly against Android users.
“Victims often receive suspicious links through platforms such as Telegram and WhatsApp.
“These links may appear legitimate, such as links claiming to offer government assistance (for example, ‘Bantuan Madani’).
“Once clicked, users are redirected to fake websites that prompt them to provide their phone numbers.
“Subsequently, a malicious APK file is downloaded onto their device and this allows hackers to take over messaging applications such as WhatsApp or Telegram.
“When users install the APK file and grant the requested permissions, the application is able to steal verification codes sent via SMS or voice calls.
“In WhatsApp cases, the original account owner is usually logged out completely, while in Telegram cases, hackers may remain logged into the same account simultaneously without the owner being logged out,” he said in the interview.
Azman explained that APK file attacks primarily affect Android devices, as iPhones do not recognize or support APK files, which makes iPhones relatively safer from this specific method of attack.
“However, Android devices can still be protected if users install reputable antivirus software and avoid downloading files from unknown or unverified sources,” he added.
Azman further highlighted that once Telegram accounts are compromised, hackers gain access to all existing data, including chat histories, images, videos, contacts and documents.
“This information is often used for blackmail, where victims are threatened with the exposure of private or sensitive content, including personal or explicit images,” Azman stated.

MODUS OPERANDI OF HACKERS
Describing the common modus operandi hackers use to steal the public's data, Azman said it begins with APK installation.
“Once the account is hijacked, hackers gain access to the victim’s contact list and group chats, such as family groups, mosque groups, or workplace groups.
“These groups then become targets for further scams. Hackers impersonate the victim and request urgent loans, typically asking for amounts such as RM1,500, promising repayment the next day, and providing bank account details for transfers,” he explained.
In addition, compromised WhatsApp accounts are often used to spread malicious APK files to other contacts, creating a continuous chain of victims.
Azman noted that between 2021 and 2022, Telegram was the platform most frequently targeted. However, after November 2023, WhatsApp introduced new features such as multi-account registration, particularly on Android devices.
“Android phones can now register up to three WhatsApp Messenger accounts and one WhatsApp Business account on a single device, which has inadvertently increased security risks if verification codes are intercepted.
“By contrast, iPhones only allow one WhatsApp Messenger number and one WhatsApp Business number per device, and they are not vulnerable to APK-based attacks.
“This explains why most WhatsApp hacking cases involve Android users,” he explained further.
Azman said the ultimate objective of hackers is financial gain, so platforms such as WhatsApp and Telegram are particularly effective for scams because they enable direct communication with trusted contacts.
“Hackers use compromised accounts to invite contacts into fake investment groups, promising unrealistic returns such as turning RM300 into RM10,000. Victims are more likely to trust these schemes when they see familiar contacts already participating,” he added.
According to Azman, in WhatsApp cases the original owner is locked out, and hackers block re-login attempts for 12 hours.
“During this period, they send mass messages and broadcast requests for money. After 12 hours, the block is renewed, making account recovery extremely difficult.
“Recovering a hacked account, especially one compromised through APK files, is highly challenging and often requires identifying and removing the malicious application.
“Many victims resort to filing police reports or terminating their phone numbers altogether,” he said.
Azman also pointed out that many scam operations are run by syndicates based overseas, making them difficult to prosecute.
“These criminals convert stolen funds into cryptocurrencies to avoid detection, as digital assets leave fewer traces compared to cash withdrawals, ATM transactions, or bank transfers monitored by CCTV and financial systems,” he noted.
Beyond financial losses, cyber scams and blackmail cases have severe social and emotional consequences, including family breakdowns and psychological distress.

Users are advised to limit the exposure of personal data by avoiding the use of full legal names on social media, using privacy settings effectively, and disabling open invitations on platforms such as Telegram.
Ultimately, while anyone can become a victim of scams, informed and cautious users are better equipped to protect themselves.
Continuous education, especially among younger users and community leaders, is essential to reducing the spread and impact of cybercrime.

