- Infoblox & Chong Lua Dao uncover global MaaS platform
- Spoofed domains harvest KYC data, intercept SMS, drain bank accounts
- Captive workers trafficked into Cambodian scam compound tied to elites
Malware operators – people sending phishing emails and guiding people through the infection chain – don’t always do it on their own free will – sometimes they are trafficked into scam centers and forced to work there.
One such global criminal organization was uncovered by security researchers Infoblox Threat Intel, and Vietnamese non-profit Chong Lua Dao, who recently observed a spike in anomalous DNS traffic across Infoblox customer networks, which led them to a previously undocumented malware-as-a-service (MaaS) Platform.
Further investigation uncovered that the platform registers roughly 35 new domains each month, and is active in at least 21 countries including Indonesia, Thailand, Spain, and Turkey.
Article continues below
Political and military ties
The domains spoof legitimate government and banking websites. Victims that download the fake software are required to go through the Know Your Customer (KYC) process, during which the attackers harvest personal data, biometrics, and more.
Once installed, the malware grants the attackers control over the device, including intercepting SMS messages for one-time passcodes, and using actual banking apps to wire money out.
At the same time, several captive workers contacted Chong Lua Dao, requesting rescue from K99 Triumph City – a compound in Sihanoukville, Cambodia that was previously flagged by the UN for large-scale fraud and forced labor.
After being rescued, they shared closed-group chat logs, screenshots, and other data that confirmed a service-based malware distribution and scam operation was running on associated infrastructure, and that several tracked domains were being used in the scam.
The research also uncovered that there is a small, tight-knit group of politically connected individuals that control who gets access to the K99 compound. This centralized organization has people at the top with political cover and the most significant name that surfaced is Senator Kok An.
Apparently, he’s a well-known figure in Sihanoukville’s casino and real estate world, and his name has appeared in multiple reports connecting the city’s gambling and organized crime infrastructure to political power.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/VGPtSi99Vy7pCWeNLEcT5c-2560-80.jpg
Source link
