KUALA LUMPUR: A report by an Australian broadcaster has claimed that a Malaysian "mastermind" behind a network of phishing scams which stole millions from victims worldwide is still active.
According to ABC's 7.30 programme, the alleged mastermind is being probed by authorities in Australia, the United States and Malaysia over his role in one of the world's biggest phishing operations.
It said last November, a joint investigation by the FBI, Australian Federal Police (AFP) and Malaysian police led to a raid on the home of the mastermind who purportedly runs BulletProftLink, a one-stop online shop for identity theft.
The site, according to the report, allowed people to buy fake login pages for large international companies designed to fool victims into giving personal details, usernames and passwords.
In the raid, eight people were reportedly arrested, while authorities also seized credit cards, jewellery and vehicles belonging to syndicate members.
Also seized was an e-wallet holding nearly RM1 million.
The report claimed despite this, the mastermind's operations were never disbanded, citing the findings of cybercrime forensic investigator Bex Nitert who first "unmasked" the mastermind.
She said an Australian government agency had sought her help following a data breach several years ago.
In the course of her probe, Nitert said she discovered the full scale of the mastermind's operations including tracking Bitcoin transactions, contact details of clients and invoices.
She estimates he earned over RM3 million a year.
Another Sydney-based cybersecurity expert, Gabor Szathmari also reportedly uncovered the mastermind's role in BulletProftLink.
Nitert and Szathmari reported their findings to law enforcement in 2020, and last year, the mastermind was arrested.
But weeks later, a Telegram message on BulletProftLink's channel indicated that the mastermind was still active.
"Wassup guys! Uncle D here," said the message from someone claiming to be the mastermind.
According to the message, after "small issues" with the authorities, they were back in business with a new name "CyberVault" and new "tools" for their customers.
Nitert said she has been investigating CyberVault and found it was also in the business of phishing scams.
When contacted, Malaysian police told 7.30 that it was still gathering intel for more analysis while the AFP declined comment, saying it continued to work with foreign partners on the case.