‘Malicious scripts’ to blame for unsolicited OTP, says MySejahtera

PETALING JAYA: “Malicious scripts” are to blame for the MySejahtera application sending an unsolicited one-time password (OTP) to users, the phone application’s team said today.


In a statement, the MySejahtera team said it received numerous complaints on its helpdesk and social media platforms of users receiving text messages with OTPs for them to verify their phone number to check in at locations.

“The MySejahtera team has investigated the matter and found that the check-in QR registration feature meant for business premises was misused by some malicious scripts to send the OTP to random phone numbers.

“Since then these API (Application Programming Interface) endpoints have been blocked and a fix to enhance security will be moved tonight,” it said.


The team apologised for inconveniencing users, assuring them that none of their personal data was accessed by these scripts. It added that the spam messages, which asked recipients to verify their numbers, were sent to random phone numbers.

Malaysians had received the OTP messages over the past few days. The messages gave users an OTP for “check-in registration” and claimed it would expire in five minutes. - FMT