Dating app malware, not charging cables, blamed for money theft

The Bank of Thailand (BoT) has rejected a social media post that a man lost money from his bank account when recharging his phone at a public outlet, and blamed the theft on a malware attack.

Police later also blamed malware for the theft, saying the user had downloaded an unsafe dating app known as "sweet meet".  

The central bank released a statement on Wednesday in response to a report on the possibility of mobile phone users losing their money through modified charging cables.

The concern about hacking cables surfaced after a Jan 8 post on Facebook by a person using the name Widsanusawan, who claimed he lost 101,560 baht from a bank account when charging his phone at a  public outlet.

A BoT-Thai Bankers' Association investigation found that the phone owner's money was removed from his account because malware had infiltrated the device and tricked him into installing an illegal application.

The app enabled a hacker to remotely monitor and control the phone and transfer money from the user's bank account. This occurred when the phone was not in use by the owner.

The BoT warned mobile phone users against opening unknown links, installing unverified apps and using unsecured phones to make financial transactions. Phone users should keep their mobile banking software fully updated to increase security, the statement said.

Deputy national police chief Pol Gen Torsak Sukwimol said the phone owner had installed an unsafe dating app named “Sweet meet”, and that was the cause of the money theft.

It had nothing to do with a charging cable, he said. Pol Gen Torsak said there were charging cables that were modified to steal data, but they could not be used to steal money from mobile banking accounts. Such cables could access only basic information and GPS data, and were technicians’ tools, he said.

“People must take heed and download only applications available through Google Play or the App Store,” Pol Gen Torsak said.