He tapped a ‘government app’ — then his over Ph1 million life savings vanished
A new malware scam is draining bank accounts across Asia with a single tap
It began with a phone call that sounded routine — the kind millions of retirees trust every day.
A 68-year-old Filipino pensioner, struggling to access his state pension account, was contacted by a man claiming to represent the country’s Social Security System (SSS). The caller knew his personal details — full name, social security number, even his home address — enough information to appear legitimate. Moments later, a Viber link arrived with instructions to install a “new app.” One tap opened the door to a silent digital robbery.
Get updated faster and for FREE: Download the Gulf News app now - simply click here.
The app never truly downloaded. Instead, malware quietly hijacked his Android phone, freezing the touchscreen and disabling the power button. By the time his family removed the SIM card, it was too late. Three bank accounts and two e-wallets had already been drained — wiping out more than Ph1 million in life savings.
What happened next reflects a growing warning across the Philippines’ banking system.
Bangko Sentral ng Pilipinas has repeatedly warned consumers against downloading apps from unofficial links, noting that modern banking malware can intercept one-time passwords, scrape login credentials, and remotely control infected devices. Philippine banks including BDO Unibank and Bank of the Philippine Islands have also issued fraud advisories over fake banking apps and spoofed customer-service messages targeting account holders. Reports in the Philippines have documented a rise in phishing links disguised as government notices, e-wallet verification prompts, and pension account updates in recent years.
Cybersecurity researchers say the scam is part of a much larger criminal ecosystem.
A joint investigation by US cybersecurity firm Infoblox and Vietnamese anti-fraud group Chong Lua Dao traced a sophisticated “malware-as-a-service” operation to scam compounds in Cambodia — industrialized cybercrime hubs that package malicious software like subscription products for fraud syndicates. Instead of slowly grooming victims in “pig butchering” scams, criminals are increasingly deploying malicious apps that can seize phones, monitor screens in real time, and drain accounts within minutes.
That shift matters deeply in the Philippines, where digital wallets and mobile banking have become mainstream.
Regulators have been ramping up public advisories on scam texts, fake app downloads, and account takeover fraud as Filipinos move more savings online. Meanwhile, the government has reported on efforts to tighten anti-cybercrime coordination, including faster fraud reporting channels and stronger verification systems for financial platforms.
For one retiree, the scam began with a convincing voice on the phone.
For millions of Filipinos managing pensions, savings and e-wallets on mobile devices, it is becoming a stark warning: the newest bank robber may not need a gun — only a fake app and a trusted name.
