Cheoh sent the videos to Lee, who disseminated them to his “business partners” and customers.
Cheoh returned to Malaysia on Apr 11, 2023 when Lee agreed to let him leave even though he had not found a replacement. He brought with him two laptops and two phones and later recorded more tutorial videos at Lee’s request while in Malaysia.
After this, Lee arranged for the devices to be collected from Cheoh outside a supermarket in Penang.
In total, Cheoh recorded at least 20 tutorial videos operating the malware between February 2023 and May 2023. He received US$700 in February 2023 and US$1,000 from Lee for his work during March 2023 and April 2023 respectively.
Other members of the syndicate later used the malware to conduct scams on people in Singapore.
Discussions were held to create landing pages online from which unsuspecting victims could be lured into downloading applications containing the malware.
There was also an office in Malaysia where the operation of the malware was supervised.
Between June 2023 and June 2024, Android mobile phones belonging to at least 129 victims in Singapore were remotely accessed after their phones were installed with versions of the malware.
Their phones were taken over and unauthorised outgoing transactions amounting to at least S$3,197,974.24 were made from their bank accounts via the mobile banking applications in their phones.
Cheoh was arrested at his home in Penang on Jun 12, 2024 by the Royal Malaysian Police, in collaboration with Singapore’s Technology Crime Investigation Bureau of the Criminal Investigation Department, for his suspected involvement in malware-enabled scams against Singaporeans.
He was later escorted to Singapore and held in custody.
SENTENCING ARGUMENTS
Deputy Public Prosecutor Hon Yi sought 72 to 85 months’ jail for Cheoh, along with a fine of S$3,608 to disgorge the profit he made from the offences.
He said there had been no previous prosecutions for a person who teaches others how to use malware, but cited other cases that involve sophisticated criminal enterprises or syndicates.
“There is a saying – give a man a fish, and he eats for a day. Teach a man to fish and he eats for life,” said Mr Hon.
“In this case, what the accused is doing is to teach wrongdoers out there how to use the malware for commission of other offences.”
He said Android phones are used by roughly half the population, and said the potential harm was “a lot greater” and goes beyond even Singapore’s borders.
“The organised criminal group in this case was clearly in the industry of carrying out scams, and the whole aim of it was precisely as what the accused did, to propagate their malware and let people use the malware on as many victims as possible,” said Mr Hon.
He said the criminal group was transnational in nature and its scale was “not small”.
Defence lawyer Sujesh Anandan argued that this was a “high harm, low culpability offence”.
He referred to the prosecution’s saying about teaching a man to fish.
“There’s no evidence how many people exactly Mr Cheoh taught to fish,” said Mr Sujesh. “What we do have is the total quantum involved.”
However, he said there was no evidence how much of this quantum is related to the videos made by Cheoh.
He also highlighted how the group was actively scamming the victims from June 2023, after Cheoh stopped his involvement with the group in May 2023.
Mr Sujesh said Cheoh’s involvement was limited to the filming of the tutorial videos, and he was on “the lowest tier of the hierarchy of the group”.
He said Cheoh would not be able to pay the fine, and is legally aided through Pro Bono SG with the Criminal Legal Aid Scheme.
For conspiring to obtain unauthorised computer access to commit an offence, Cheoh could have been jailed for up to 10 years, fined up to S$50,000, or both.
For being a member of a locally linked organised criminal group, he could have been jailed for up to five years, fined up to S$100,000, or both.
Source: CNA
