Cheoh sent the videos to Lee, who disseminated them to his “business partners” and customers.
Cheoh returned to Malaysia on Apr 11, 2023 when Lee agreed to let him leave even though he had not found a replacement. He brought with him two laptops and two phones and later recorded more tutorial videos at Lee’s request while in Malaysia.
After this, Lee arranged for the devices to be collected from Cheoh outside a supermarket in Penang.
In total, Cheoh recorded at least 20 tutorial videos operating the malware between February 2023 and May 2023. He received US$700 in February 2023 and US$1,000 from Lee for his work during March 2023 and April 2023 respectively.
Other members of the syndicate later used the malware to conduct scams on people in Singapore.
Discussions were held to create landing pages online from which unsuspecting victims could be lured into downloading applications containing the malware.
There was also an office in Malaysia where the operation of the malware was supervised.
Between June 2023 and June 2024, Android mobile phones belonging to at least 129 victims in Singapore were remotely accessed after their phones were installed with versions of the malware.
Their phones were taken over and unauthorised outgoing transactions amounting to at least S$3,197,974.24 were made from their bank accounts via the mobile banking applications in their phones.
