In Bangkok, two young men were arrested with an SMS blaster hidden in their car. An investigation points to a Chinese mastermind already tied to other operations.
Thai police dismantled a mobile hacking setup used to send thousands of fraudulent SMS messages impersonating banks and government agencies. Two men, aged 23 and 25, were arrested on August 15 with an SMS blaster hidden inside a Suzuki car. The device, made up of a fake base station and antennas, was capable of flooding passersby with phishing messages leading to fraudulent sites. The suspects admitted working for a Chinese “boss,” echoing a similar case earlier in August. The operation highlights the spread of transnational cybercrime networks in Asia, specializing in bank data theft through fake mobile alerts.
Arrest in Bangkok
On August 15, a white rental car driving through downtown Bangkok caught the attention of investigators. While tailing it, police officers themselves received fake bank alert texts. A search confirmed their suspicions: the vehicle contained a full system for distributing fraudulent SMS. It included a rogue base station, a router, an independent power supply, and a “shark fin” antenna mounted on the roof to conceal the transmitter. The system mimicked a trusted mobile relay to trick nearby devices.
The two arrested men, aged 23 and 25, drove through Bangkok’s busiest districts, bombarding phones with malicious texts. These messages contained links to phishing sites designed to capture banking credentials and one-time passcodes. Police reports indicate accounts were drained within minutes of data entry.
The Shadow of a Chinese Mastermind
During questioning, the suspects admitted being recruited by a Chinese “boss.” One explained he was paid up to 3,300 baht (≈ $85) per day for two rounds, sending about 10,000 SMS daily. He said he was contacted by a Cambodian intermediary, trained remotely, and equipped with devices shipped from abroad.
A similar case earlier in August had already involved two Thais caught with the same setup in a Mazda. One suspect claimed he was hired via Telegram by a Chinese national for about 5,000 baht (≈ $128) per day. Investigators are probing whether a single Chinese mastermind is behind both cases. They suspect broader links to Asian networks active in illegal call centers and large-scale SMS phishing operations.
A Global Method
The SMS blaster technique is not limited to Thailand. These devices, functioning like rogue antennas, can mass-broadcast messages to all phones within range. In March, a Chinese student was sentenced in London to more than a year in prison for driving a Honda equipped with such a system. Comparable arrests have been reported in Indonesia, Qatar, and even Paris.
Thai police charged the suspects with fraud, illegal possession of telecom equipment, unauthorized operation of a radio station, and cybercrime violations. The central role of Chinese organizers, outsourcing operations to local recruits on daily pay, illustrates an industrial model of digital fraud. These campaigns bypass classic security measures since SMS appear to come from legitimate senders and reach victims without requiring them to first click a suspicious link.
IMSI-Catcher in Paris: What to Remember
In February 2023, France’s Gendarmerie and Judicial Police (ComCyberGend) discovered an IMSI-Catcher suitcase hidden in a vehicle in Paris’s 10th arrondissement. It broadcast fake official SMS, including ones impersonating France’s national health system. The device, acting like a fake relay antenna, intercepted nearby smartphones and enabled large-scale phishing.
The driver was arrested during a traffic stop. She admitted being paid a few hundred euros to drive slowly through the streets while her equipment intercepted up to 17,000 phones. Investigators identified the masterminds: two executives of a digital marketing company based in Neuilly-sur-Seine.
Each criminal device cost about €20,000. The operation was considered a world first, both for the mobile use of an IMSI-Catcher and its fraudulent phishing purpose.
Thailand is becoming a deployment ground for mobile phishing campaigns coordinated remotely. The key question is whether these mobile and discreet operations signal a new phase in the technological influence war driven by Chinese criminal networks across Asia. [ZATAZ News English version]
Sources:
