SINGAPORE: In a landmark cybercrime verdict, a Singapore court has sentenced a Malaysian national to five-and-a-half years’ imprisonment for producing malware tutorial videos that enabled an international criminal syndicate to carry out large-scale financial fraud. The case has drawn attention for being the first in Singapore where an individual was prosecuted specifically for teaching others how to use malware.
The accused, Cheoh Hai Beng (49), was found guilty of being a member of an organised criminal group and conspiring to gain unauthorised access to computer systems. Court records show that the syndicate’s activities led to financial losses of approximately ₹20.5 crore (about S$3.2 million) suffered by 129 victims in Singapore.
Android Devices Turned Into Tools of Fraud
According to the prosecution, the syndicate relied on a highly sophisticated remote access trojan (RAT) malware known as “Spymax”, designed to take complete control of Android mobile phones once installed. The malware allowed operators to:
- Carry out unauthorised bank transfers through mobile banking applications
- Access passwords, OTPs and cryptocurrency wallets
- Remotely control phone cameras, read messages, extract contact lists and track GPS locations
To evade detection, the spyware was disguised as legitimate applications, including online shopping or utility apps, enabling it to remain hidden on victims’ phones for extended periods.
Friendship Forged in Prison Led to Cybercrime Network
The origins of the case date back to 2008, when Cheoh met Lee Rong Teng, a Taiwanese national, while both were serving prison sentences in South Korea. The two became friends and remained in contact after their release.
In 2022, Lee invited Cheoh then unemployed to join him in the Dominican Republic. There, Lee introduced him to the spyware software, describing it as a tool capable of “spying on people’s phones”.
From Learning Malware to Teaching It
In January 2023, Cheoh began learning how the malware functioned. Soon after, Lee asked him to record instructional videos demonstrating the use of Spymax, which were intended to be sold to other criminals and potential “business partners”. The tutorial videos detailed:
- Installation and configuration of the malware
- Accessing banking and cryptocurrency applications
- Monitoring phone cameras, messages and GPS locations
Between February and May 2023, Cheoh recorded at least 20 tutorial videos, using mobile phones and laptops provided by Lee.
Small Payment, Massive Damage
For his role, Cheoh received US$1,700 (approximately ₹1.4 lakh) over several months. However, the court noted that these videos played a critical role in enabling other members of the syndicate to execute large-scale fraud operations. Between June 2023 and June 2024:
- Android phones belonging to 129 Singapore residents were compromised
- Unauthorised transactions worth over S$3.19 million were carried out using mobile banking apps
Investigators also uncovered discussions within the syndicate about creating fake landing pages to lure victims into downloading malware-infected applications.
Arrest and Extradition
Cheoh was arrested on June 12, 2024, at his home in Penang by the Royal Malaysian Police, following a joint operation with Singapore’s Technology Crime Investigation Bureau. He was subsequently extradited to Singapore and remanded in custody. He was charged with:
- Being a member of a locally linked organised criminal group
- Conspiring to obtain unauthorised access to computer systems
Prosecution: “Teaching Crime, Not Just Committing It”
During sentencing, the prosecution described Cheoh’s actions as particularly dangerous.
“There is a saying: give a man a fish and he eats for a day; teach a man to fish and he eats for life,” the deputy public prosecutor told the court. “In this case, the accused taught criminals how to commit offences repeatedly and at scale.”
The prosecution argued that the syndicate’s transnational nature and the widespread use of Android phones significantly amplified the potential harm.
Defence Plea Rejected
Cheoh’s defence claimed that he was a low-ranking participant whose involvement was limited to filming videos and that he did not directly handle stolen funds. It was also argued that fraudulent activities continued even after he stopped recording tutorials.
The court rejected these submissions, stating that providing technical training was central to the success of the criminal enterprise.
Strong Message to Cyber Offenders
The court sentenced Cheoh to five years and six months’ imprisonment and imposed a fine of S$3,608, representing the proceeds he earned from the offence.
In its ruling, the court emphasised that enabling cybercrime through training and technical support is as serious as committing the crime itself, sending a strong warning to individuals who facilitate digital fraud from behind the scenes.
