.png)
MALAYSIANS are being urged to avoid downloading unofficial mobile applications in APK format related to the government's BUDI95 fuel subsidy initiative, amid growing concerns over potential cyber threats.
Siraj Jalil, President of the Malaysia Cyber Consumer Association (MCCA), warned that cybercriminals and phishing syndicates are likely to exploit the rollout of multiple digital platforms under BUDI95 by distributing malicious sideloaded apps to unsuspecting users.
“Users must be reminded to only download the digital applications associated with the BUDI95 initiative from official app stores such as the Play Store or App Store,” he said in an interview with Harian Metro today.
“I have no doubt that third parties, particularly scam syndicates, will attempt to take advantage of the public’s eagerness to access the new platforms by distributing rogue applications outside of official channels.”
According to Siraj, the announcement by the government that several apps will be integrated for BUDI95 may lead to a sharp increase in app downloads, creating an opportune environment for phishing and other forms of digital fraud.
He urged the government and relevant cybersecurity bodies — including the National Cyber Security Agency (NACSA) and CyberSecurity Malaysia (CSM) — to intensify public awareness efforts through campaigns, in-app notifications, and close collaboration with the media.
MCCA also proposed the establishment of a dedicated fast-response complaint centre specifically for BUDI95-related cybercrime reports to ensure that victims can take swift action before suffering major losses.
“It’s no longer surprising if, in the coming days, we hear of users being duped into downloading rogue apps designed to look like official BUDI95 platforms. Many of these users may proceed to perform transactions within the apps, opening the door to serious cybercrime,” he said.
Siraj further stressed that both the government and app developers must ensure that the systems used comply with international cybersecurity standards and the newly enacted Cyber Security Act 2024 (Act 854).
He also called for immediate intervention measures to raise user awareness and tighten account verification processes within the official digital platforms.
“Any phishing attempts using rogue links must be reported immediately to the authorities so appropriate action can be taken,” he added. - September 22, 2025