A major cybercrime case has come to light in South Korea, revealing how a gang used a secret hacking app to steal private information and extort money from massage parlor clients. Police announced that 15 people were involved in the scheme, including the main organizers, their assistants, and those who helped launder the stolen money.
The gang tricked massage parlor owners into installing what looked like a regular business management app. They claimed it would help track customers and appointments. However, the app was actually a hacking tool designed to steal the private data of customers who visited the parlors.
Through this malicious app, the criminals were able to access customer names, phone numbers, text messages, and even call logs. With this information in hand, they contacted male clients and pretended they had secretly recorded videos of them during their visits to the massage parlors.
The gang sent threatening messages to the victims, saying things like, “We installed cameras in the massage rooms and have your video. If you don’t pay, we’ll send it to your family and friends.” These claims were completely false — there were no real videos or hidden cameras. But the threats were convincing enough to scare many victims into sending money to protect their reputations.
Victims Targeted and Money Extorted
Police identified a total of 62 victims in the investigation. Out of these, 36 people sent money to the criminals after receiving the fake threats. The victims paid amounts ranging from 1.5 million to 47 million Korean won, depending on how afraid they were or how much pressure they felt.
The remaining 24 victims refused to pay, but the gang still tried to get nearly 200 million won more through their extortion attempts. Overall, the total amount involved in the scam reached hundreds of millions of won — equal to hundreds of thousands of U.S. dollars.
According to police reports, the gang members used most of the money for entertainment, gambling, and daily expenses. None of the stolen funds were used for legitimate business purposes.
The ringleader of the operation was the one who purchased the hacking app from an online source. Working with close partners, the group rented an office, bought laptops and burner phones, and divided their roles carefully. Some members handled the stolen data, others sent threatening messages, while another team took care of collecting and withdrawing the money from the victims.
Police Investigation and Arrests
The case came to the attention of authorities during an investigation into another cybercrime. When officers found the suspicious app installed on a massage parlor owner’s phone, they followed the digital trail and uncovered the gang’s entire operation.
Philippines on alert as data breach fears swirl around GCash — company denies system hack
The police cyber investigation unit of the Gyeonggi Nambu Provincial Police Agency led the probe. After months of tracking, they managed to arrest 15 people connected to the case. Five of them were the main members, while the rest were money launderers and aides who helped hide the criminals or move their illegal earnings.
The first arrests were made in August 2023, when officers captured two suspects who had been using the app. Over time, more members were caught in different parts of the country. The main leader was later detained for another crime, while two others were found in Gyeongnam and Busan earlier this year.
Investigators also discovered that one of the suspects had continued the same type of scam even while on the run. He carried out additional extortion attempts in October last year and March this year, stealing another 36 million won before being caught.
Police stated that the criminals had been evading capture for nearly two years before the operation was fully exposed.
A police official warned the public to be extremely careful when installing apps from unofficial app stores or random websites, as these can easily contain malware or spyware designed to steal personal data.
