JSceal malware lets hackers steal data and over 10m baht, police warn

The Royal Thai Police’s Anti Cyber Scam Centre (ACSC) has warned the public about a serious cyber threat from JSceal malware, which can be embedded in computers, especially those running Windows, and used to steal passwords, cryptocurrency and one-time passwords (OTPs).

The warning was issued after investigators found that nearly 10 victims had been infected with the malware without their knowledge. Hackers allegedly stole data and carried out financial transactions, causing total losses of more than 10 million baht.

Investigators found that JSceal had been embedded in victims’ computers. The malware is designed to hide inside devices, run continuously and evade detection. It operates through a command-and-control (C2) server, allowing hackers to remotely manage infected devices, extract sensitive information and send the data back without leaving obvious traces.

The stolen information can include saved passwords, browsing histories and cryptocurrency wallet details. Police said the malware effectively gives hackers control of the victim’s screen, making it difficult for users to realise that their device has been compromised until damage has already been done.

The ACSC said JSceal malware had been linked to several likely sources, including:

• downloading and installing unauthorised or pirated software;
• visiting websites or clicking advertising links from unreliable sources;
• using programmes copied from other devices, which may already contain hidden malware.

The centre urged the public to protect their computers by taking the following precautions:

• avoid installing software from untrusted sources;
• never disable antivirus software under any circumstances;
• keep operating systems and software updated to the latest version;
• regularly check app permissions and device access settings;
• use Malwarebytes to scan for and remove threats.

Investigators also found that hackers had accessed OTPs sent through Google Messages on victims’ mobile phones that were synced with their computers. This allowed the hackers to use the OTPs to carry out financial transactions on the victims’ behalf.

Police therefore advised users to take one further protective step as a final safeguard for their money: preventing OTPs from reaching hackers by turning off message syncing to other devices.

For Android users, Google Messages syncing can be turned off as follows:

• Open Google Messages.
• Tap the profile icon in the top right corner.
• Go to Messages settings.
• Tap RCS chats.
• Turn off RCS.

For iOS users, iCloud Backup can be turned off as follows:

• Open Settings.
• Tap Apple Account.
• Go to iCloud.
• Tap iCloud Backup and turn it off.