PETALING JAYA: Never mind scam calls, stalking by cyber creeps is the new horror experience.
Experts say cyberstalking has become the new focus in Malaysia’s fight against cybercrime, with spyware-laden apps, stolen personal data and insider leaks providing stalkers the means to invade lives undetected.
Cybersecurity Malaysia CEO Datuk Dr Amirudin Abdul Wahab said despite updates in 2023, existing laws remain inadequate to deal with cybercrimes.
“Malaysia amended the Penal Code in 2023 to criminalise stalking, including cyberstalking, under Section 507A. However, enforcement challenges remain due to anonymous online behaviour, outdated legal tools
and limited victim support mechanisms,” Amirudin said in an emailed response to theSun.
He also said these cases also remain underreported due to stigma, fear and lack of awareness.
Amirudin said the personal data used in such incidents is often obtained through data breaches, public social media accounts, malicious mobile apps or leaks from third parties, such as insiders from call centres who sell personal contact information to scam syndicates.
“Scammers use this information to make unsolicited calls, send messages or add individuals to scam groups on platforms like Telegram or WhatsApp. While GPS tracking and spyware are less common, they are used in more targeted cases,” he said.
Amirudin also advised victims
of cyberstalking to systematically gather and preserve digital evidence to support investigations.
“Victims should take clear screenshots of messages, call logs, profiles and any suspicious content, ensuring that dates and times are clearly visible. Chat logs, emails and media files must be saved in their original, unaltered format.”
“Where possible, back up all evidence to a secure cloud service or external storage device. Once collected, this evidence should be reported promptly to relevant authorities for appropriate action.”
According to Malaysia Computer Emergency Response Team data, Malaysia logged 4,219 online fraud cases in 2024, making it the top cybercrime in the country. This was followed by digital intrusions, with 755 cases.
Commenting on the technical landscape, Taylor’s University professor and Global Alliance for Cyber Safety director Datuk Husin Jazri said stalkerware and obfuscated malware are increasingly being used in cases of intimate partner violence and gender-based threats in Malaysia.
“These tools allow perpetrators to monitor, record and control victims remotely. They are difficult to detect,” he said.
Husin cited several examples of such malicious apps, which are often disguised as phone RAM boosters, battery optimisers, child monitoring tools or even free keyboard apps.
These apps commonly request high-level permissions or exploit Android’s Accessibility Services to intercept data and log user activity.
Husin also warned that fake system apps are being used to steal sensitive information.
“These apps disguise themselves as firmware updates but are actually sideloaded apps or phishing tools.
“They operate silently in the background without any visible icon, capable of recording microphone audio, capturing periodic screenshots and even harvesting messaging data from apps such as WhatsApp and Telegram,” he added.
He also said Malaysia has limited technical capacity to trace and effectively respond to cyberstalking cases.
“We need a dedicated agency to ensure our digital citizens are safe and aware of the surrounding threats that are targeted at a random pace,” he said.
He also urged immediate action, including the introduction of a Cyber Safety Act, revamping outdated laws like the Computer Crimes Act 1997, and rolling out cyber education in schools.
“Companies should be mandated to provide regular training for employees on data protection and online safety, as cyber threats are constantly evolving, particularly with the rise of AI (artificial intelligence),” he added.
