- Infoblox and Chong Lua Dao discover a global MaaS platform
- Spoofed domains harvest KYC data, intercept text messages and empty bank accounts
- Captive workers trafficked to Cambodian fraud complex linked to elites
Malware operators – the people who send phishing emails and guide people through the infection chain – don’t always do so willingly: they are sometimes brought to scam centers and forced to work there.
One such global criminal organization was discovered by security researchers from Infoblox Threat Intel and the Vietnamese nonprofit Chong Lua Dao, who recently observed an increase in anomalous DNS traffic on Infoblox customer networks, leading them to a previously undocumented malware-as-a-service (MaaS) platform.
Further investigation revealed that the platform registers around 35 new domains every month and is active in at least 21 countries, including Indonesia, Thailand, Spain and Turkey.
Political and military ties
The domains spoof legitimate government and bank websites. Victims who download the fake software are put through a Know Your Customer (KYC) process, during which the attackers collect personal data, biometric data, etc.
Once installed, the malware allows attackers to control the device, including intercepting SMS messages for one-time passcodes and using real banking apps to transfer money.
At the same time, several captive workers contacted Chong Lua Dao asking to be rescued from K99 Triumph City, a compound in Sihanoukville, Cambodia, previously reported by the UN for large-scale fraud and forced labor.
After being rescued, they shared closed group chat logs, screenshots, and other data confirming that a service-based malware distribution and scam operation was running on associated infrastructure, and that multiple tracked domains were used in the scam.
The research also found that a small, close-knit group of politically connected individuals controls access to the K99 compound. This centralized organization has people at the top with political cover, and the most prominent name that has surfaced is that of Senator Kok An.
Apparently, he is a well-known figure in Sihanoukville’s casino and real estate world, and his name has appeared in numerous reports linking the city’s gambling and organized crime infrastructure to political power.




