Published on: 2025-12-15

AI-powered OSINT brief from verified open sources. Automated NLP signal extraction with human verification. See our Methodology and Why WorldWideWatchers.

Intelligence Report: Man jailed for teaching criminals how to use malware

1. BLUF (Bottom Line Up Front)

A Malaysian national, Cheoh Hai Beng, has been jailed in Singapore for creating video tutorials to teach cybercriminals how to use the Spymax malware. This case marks Singapore’s first prosecution of its kind, highlighting a growing trend of indirect involvement in cybercrime. The incident underscores the evolving threat landscape where knowledge dissemination is as critical as direct cyber attacks. Overall confidence in this assessment is moderate due to limited information on the broader network involved.

2. Competing Hypotheses

• Hypothesis A: Cheoh Hai Beng acted independently as a technical instructor without direct involvement in cybercriminal activities. Evidence supporting this includes his role being limited to creating instructional content. However, the lack of information on his motivations and connections to the broader criminal network introduces uncertainty.
• Hypothesis B: Cheoh Hai Beng was an integral part of a larger organized cybercrime operation, actively contributing to its strategic objectives. This is supported by his long-standing acquaintance with Lee Rong Teng and the structured nature of the tutorials. Contradicting this is the absence of evidence linking him to direct financial gains from the malware’s deployment.
• Assessment: Hypothesis B is currently better supported due to Cheoh’s connection with known cybercriminals and the strategic nature of his instructional role. Key indicators that could shift this judgment include evidence of financial transactions benefiting Cheoh or further links to additional cybercrime activities.

3. Key Assumptions and Red Flags

• Assumptions: Cheoh’s instructional activities were limited to the period between February and May 2023; the Spymax malware was primarily used for financial gain; Cheoh’s acquaintance with Lee Rong Teng was a significant factor in his involvement.
• Information Gaps: Details on the broader criminal network and its operations; Cheoh’s financial records to assess personal gains; the full extent of the malware’s deployment and impact.
• Bias & Deception Risks: Potential bias in media reporting focusing on sensational aspects; possible underreporting of Cheoh’s role by authorities to protect ongoing investigations; deception risks from Cheoh’s statements during prosecution.

4. Implications and Strategic Risks

This development highlights the increasing sophistication of cybercrime operations, where technical knowledge dissemination is as valuable as direct attacks. It may prompt policy changes and enhanced cybersecurity measures.

• Political / Geopolitical: Potential diplomatic tensions if further international links are discovered; increased focus on international cooperation in cybercrime prevention.
• Security / Counter-Terrorism: Heightened awareness of indirect cybercrime roles; potential for similar instructional roles in other criminal activities.
• Cyber / Information Space: Increased scrutiny on online platforms hosting instructional content; potential rise in similar malware tutorials.
• Economic / Social: Possible increase in financial fraud cases; public awareness campaigns on phishing and malware risks.

5. Recommendations and Outlook

• Immediate Actions (0–30 days): Enhance monitoring of online platforms for similar instructional content; engage with international partners to trace the broader criminal network.
• Medium-Term Posture (1–12 months): Develop public awareness campaigns on cyber hygiene; strengthen legal frameworks to address indirect roles in cybercrime.
• Scenario Outlook: Best: Disruption of the criminal network and reduction in malware incidents. Worst: Proliferation of similar instructional roles leading to increased cybercrime. Most-Likely: Gradual adaptation of law enforcement and policy measures to address the evolving threat.

6. Key Individuals and Entities

• Cheoh Hai Beng – Malaysian national, convicted instructor
• Lee Rong Teng – Taiwanese national, acquaintance and possible facilitator
• Spymax – Malware used in the instructional videos

7. Thematic Tags

cybersecurity, cybercrime, malware, international cooperation, legal frameworks, cyber hygiene, financial fraud

Structured Analytic Techniques Applied

• Adversarial Threat Simulation: Model and simulate actions of cyber adversaries to anticipate vulnerabilities and improve resilience.
• Indicators Development: Detect and monitor behavioral or technical anomalies across systems for early threat detection.
• Bayesian Scenario Modeling: Quantify uncertainty and predict cyberattack pathways using probabilistic inference.
• Network Influence Mapping: Map influence relationships to assess actor impact.

Explore more:
Cybersecurity Briefs ·
Daily Summary ·
Support us