Hacker group R00TK1T, via Telegram, have claimed responsibility for sending out phishing SMS to “thousands” of customers in the past few days directly through Maxis. Based on our findings, several users have indeed reported of receiving suspicious messages from the telco’s official line since earlier this month, some of which even occurred prior to the group’s announcement regarding its attack.
In separate posts shared on X (formerly Twitter), customers are saying that they’ve received SMS from Maxis concerning point redemption, which also included a suspicious hyperlink. While some have mentioned that the link leads to a suspicious and unsecure website, one user noted that clicking it resulted in initiating a large payment to a TikTok shop through their bank. The telco, in a series of replies on the platform, has denied of sending such messages and is advising affected customers to not click on any links included.
In the same update, R00TK1T claims that “large sums of money have mysteriously vanished” from bank accounts of Maxis users, which has ended up “into the pockets of third-party companies. Complaints notwithstanding, we’re unable to verify if any of the telco’s customers have actually fallen prey to the phishing scam, though one user on X is claiming that a friend has allegedly lost RM1,200 from their bank account.
Why I got an SMS to redeem Maxis Reward points but when I click to redeem and such, Maybank shows I'm making a payment of 2k to Tik Tok shop? https://t.co/bd15WXpAz6
— de La Fontaine (@delafontaineuf) February 5, 2024
korang kalau dapat push sms ni jgn click the link tau. ini SCAM LINK. aku dah dapat few times & memang aku curious about maxis point ni & almost nak try juga. BUT what just happen tadi, my friend dah kena scam duit 1.2k from acc bank dia. please hati2 guys‼️ pic.twitter.com/jcMFSIT6rn
— Amir Jacob (@amirxjacobbb) February 1, 2024
Malaysians are still reporting to have received SMS containing hyperlinks on the regular as of late, originating from downright suspicious sources as well as so-called “official” channels. The fact of the matter remains, this particular practice has been banned by authorities since last year, so users are strongly advised to ignore and report such activities, should they encounter them.
Got a strange sms using “Maxis” as a sender talking about consumption points.. and yup.. it’s a scam.. note to @MaxisListens pic.twitter.com/hPxp1bLInX
— Marauderz (@marauderz) February 4, 2024
(2) If the URL link appears suspicious, do not click on it. If you are doubtful of any SMS, do contact the organization directly to validate. For more info, visit https://t.co/PaWDa9SdDr. TQ/Yal
— Maxis (@MaxisListens) February 6, 2024
R00TK1T previously threatened to take further action against Maxis for denying its recent attacks. Just two days ago, the hacker group claims to have successfully breached the telco’s Kulim network, and even shared screenshots of its backend system to Telegram. Maxis has yet to provide an update regarding R00TK1T’s recent alleged attacks. On that note, we’ve also reached out to the telco for comment.
(Additional sources via X [1] [2] [3] [4])
Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news.