- Infoblox and Chong Lua Dao discover global MaaS platform
- Counterfeit domains collect KYC data, intercept SMS and empty bank accounts
- Captive workers trafficked into Cambodian scam complex linked to elites
Malware operators (people who send phishing emails and guide others through the infection chain) do not always do so of their own volition; Sometimes they are trafficked to scam centers and forced to work there.
One such global criminal organization was discovered by security researchers Infoblox Threat Intel and Vietnamese nonprofit Chong Lua Dao, who recently observed an increase in anomalous DNS traffic on Infoblox customer networks, leading them to a previously undocumented malware-as-a-service (MaaS) platform.
Further investigation found that the platform registers approximately 35 new domains every month and is active in at least 21 countries, including Indonesia, Thailand, Spain and Türkiye.
Article continues below.
Political and military ties
The domains spoof legitimate government and banking websites. Victims who download the fake software must go through the Know Your Customer (KYC) process, during which attackers collect personal data, biometric data, and more.
Once installed, the malware gives attackers control over the device, including intercepting SMS messages to obtain one-time passwords and using real banking apps to transfer money.
At the same time, several captive workers contacted Chong Lua Dao, demanding ransom at K99 Triumph City, a complex in Sihanoukville, Cambodia, which had previously been flagged by the UN for large-scale fraud and forced labor.
After being rescued, they shared closed group chat logs, screenshots, and other data that confirmed that a service-based scam and malware distribution operation was running on the associated infrastructure, and that several tracked domains were being used in the scam.
The investigation also found that there is a small, tight-knit group of politically connected people who control who has access to the K99 facility. This centralized organization has people at the top with political cover and the most significant name that emerged is Senator Kok An.
He is apparently a well-known figure in Sihanoukville’s real estate and casino world, and his name has appeared in multiple reports connecting the city’s gambling infrastructure and organized crime to political power.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
