July 20, 2025

Incident Overview

In early Q2 2024, Greyhawk Forensics was engaged to investigate a security breach involving a rising mobile money app headquartered in Makati, servicing over 500,000 users in Metro Manila and CALABARZON. Within 48 hours, the platform experienced unauthorized cash-outs totaling ₱2.7 million, flagged by internal anomaly detection but not fully contained due to gaps in their app update and verification process.


Key Findings

  • Jailbroken Device Exploits: Threat actors used modified Android environments to bypass OTP authentication and simulate legitimate transactions.
  • API Exposure: The mobile app’s transactional API was exposed through poor session-token management: once a session token was intercepted, it could be replayed for repeated cash-out calls.
  • Lack of Device Profiling: The absence of behavioral biometrics and device fingerprinting made it easier for attackers to spoof user identities.
  • Internal Leak Suspicion: Investigation revealed possible internal leakage of test credentials and sandbox environment configurations to third parties.

Greyhawk Response

  • Immediate log preservation and timestamped chain of custody for server and user device data.
  • Deployed Greyhawk Mobile Threat Mapping System™ to trace transactions and identify rogue IP clusters.
  • Coordinated with local authorities and telco providers for SIM triangulation and device registration cross-check.
  • Initiated full app forensic teardown and sandbox simulation to reproduce the exploit chain.

Recommendations Delivered

  • Harden API endpoints using HMAC signatures and IP whitelisting.
  • Deploy root/jailbreak detection and dynamic threat defense libraries.
  • Require biometric verification and device binding for all cash-out transactions.
  • Establish continuous security testing (CST) with Greyhawk’s White Team Unit for monthly threat simulations.
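
One way to implement the first and third recommendations together (HMAC-signed API calls with device binding), as an added example and not part of this case study or of Greyhawk's own tooling: each cash-out request is signed with a per-device HMAC key, carries a timestamp and a one-time nonce, and the server rejects stale, replayed or tampered requests. The device id, secret, endpoint path and payload below are constructed assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Constructed values for this example; in practice the key is provisioned per
# enrolled device and never shared across devices or sessions.
DEVICE_ID = "device-7c1e-example"
DEVICE_SECRET = bytes.fromhex("8f3a" * 16)  # 32-byte per-device HMAC key (constructed)
MAX_SKEW_SECONDS = 300  # tolerated clock drift; also bounds how long a nonce is remembered


def canonical_string(method, path, device_id, timestamp, nonce, body):
    """Bind every security-relevant field into the signed string, so changing
    the path, device, time, nonce or payload invalidates the signature."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, device_id, str(timestamp), nonce, body_hash]).encode()


def sign_request(secret, method, path, device_id, timestamp, nonce, body):
    """Client side: HMAC-SHA256 over the canonical string, hex encoded."""
    msg = canonical_string(method, path, device_id, timestamp, nonce, body)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class RequestVerifier:
    """Server side: signature check plus replay protection. A captured request
    cannot be resubmitted because its nonce is remembered for the skew window
    and its timestamp expires after that window."""

    def __init__(self, max_skew=MAX_SKEW_SECONDS):
        self.max_skew = max_skew
        self.seen_nonces = {}  # nonce -> timestamp it was first accepted with

    def _evict_expired(self, now):
        cutoff = now - self.max_skew
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items() if t >= cutoff}

    def verify(self, secret, method, path, device_id, timestamp, nonce, body, signature, now=None):
        now = time.time() if now is None else now
        # 1. Reject requests outside the accepted time window (old captures, clock games).
        if abs(now - timestamp) > self.max_skew:
            return False, "stale timestamp"
        # 2. Reject a nonce that has already been accepted within the window.
        self._evict_expired(now)
        if nonce in self.seen_nonces:
            return False, "replayed nonce"
        # 3. Constant-time comparison against the signature we compute ourselves.
        expected = sign_request(secret, method, path, device_id, timestamp, nonce, body)
        if not hmac.compare_digest(expected, signature):
            return False, "bad signature"
        self.seen_nonces[nonce] = timestamp
        return True, "ok"


def demo():
    """Walk through a legitimate request, a replay, a tampered payload and a stale capture."""
    verifier = RequestVerifier()
    now = 1_700_000_000  # fixed clock so the walk-through is reproducible
    path, body = "/v1/cashout", b'{"amount":5000,"to":"0917XXXXXXX"}'  # constructed payload

    nonce = secrets.token_hex(16)
    sig = sign_request(DEVICE_SECRET, "POST", path, DEVICE_ID, now, nonce, body)
    accepted = verifier.verify(DEVICE_SECRET, "POST", path, DEVICE_ID, now, nonce, body, sig, now=now)

    # Same request submitted again a second later: the nonce is already known.
    replayed = verifier.verify(DEVICE_SECRET, "POST", path, DEVICE_ID, now, nonce, body, sig, now=now + 1)

    # Fresh nonce but the amount was changed in transit: the old signature no longer matches.
    bigger = b'{"amount":50000,"to":"0917XXXXXXX"}'
    tampered = verifier.verify(DEVICE_SECRET, "POST", path, DEVICE_ID, now, secrets.token_hex(16), bigger, sig, now=now)

    # A correctly signed capture submitted after the window, even with an unseen nonce.
    late_nonce = secrets.token_hex(16)
    late_sig = sign_request(DEVICE_SECRET, "POST", path, DEVICE_ID, now, late_nonce, body)
    stale = verifier.verify(DEVICE_SECRET, "POST", path, DEVICE_ID, now, late_nonce, body, late_sig,
                            now=now + MAX_SKEW_SECONDS + 1)

    return accepted, replayed, tampered, stale


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Because the device id is part of the signed string, a signature minted on one enrolled device cannot be presented as another device's, which is the "device binding" the recommendation asks for; in production the nonce store would be shared across API instances (for example in a short-TTL cache) rather than kept in process memory.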

What This Teaches Us

Even in fast-scaling fintech ecosystems, speed should not outrun security. A single flaw in token lifecycle management can lead to multimillion-peso losses overnight. Greyhawk’s intervention provided the client with not just containment, but a full remediation roadmap that enabled the platform to resume operations within 5 business days and regain user trust through transparency and security enhancements.


About Greyhawk Forensics

Greyhawk Forensics is a Philippine-based digital investigation and cybersecurity firm protecting businesses across Southeast Asia. From government audits to fintech forensics, we provide intelligence-grade digital response, blending tech, law, and human behavior.
