Date: 28 February 2026

Threat Actor: Unknown (Financially Motivated)

Threat Type: Social Engineering / Phishing / Account Takeover (ATO)

Target: Malaysian users on Threads and Telegram



Executive Summary

A highly automated phishing campaign is currently targeting the Malaysian public by exploiting the cultural tradition of “Kongsi Rezeki” during the Ramadan and Hari Raya Aidilfitri season. The operation uses fraudulent Touch ’n Go (TnG) QR codes distributed via Threads to lure victims into a credential-harvesting scheme.

As of 28 February 2026, live monitoring has confirmed that:

This campaign mirrors the "Bantuan Kerajaan" tactics previously flagged by the Royal Malaysia Police (PDRM), suggesting a persistent threat actor with localized expertise. While this does not confirm the same threat actor is responsible, the identical modus operandi indicates continuity in targeting strategies. Immediate public awareness and domain blocking are recommended to mitigate further victimisation.

Overview

The campaign leverages the festive spirit of Hari Raya Aidilfitri to lower user suspicion and maximize victim engagement. Attackers exploit the cultural tradition of "Kongsi Rezeki", or sharing fortune, a practice commonly associated with charitable giving during the Ramadan season, to lend legitimacy to their fraudulent scheme.

Posts on Threads promise "Duit Raya" (a money packet given for Hari Raya Aidilfitri) or financial assistance, urging users to scan QR codes that appear to be from Touch 'n Go, Malaysia's leading e-wallet platform. To appear more credible, the phishing pages incorporate official government branding, including logos from the MyKasih Foundation, a legitimate Malaysian financial aid initiative. This blend of cultural relevance and institutional impersonation creates highly convincing posts that evade the suspicion of local Malaysians.