- Infoblox & Chong Lua Dao Unveil Global MaaS Platform
- Fake domains harvest KYC data, intercept SMS, drain bank accounts
- Captured workers trafficked into Cambodian fraud complex tied to elites
Malware operators – people who send phishing emails and guide people through the chain of infection – do not always do so of their own free will – sometimes they are trafficked into fraud centers and forced to work there.
One such global criminal organization was uncovered by security researchers Infoblox Threat Intel and Vietnamese non-profit Chong Lua Dao, who recently observed an increase in abnormal DNS traffic across Infoblox customer networks, leading them to a previously undocumented malware-as-a-service (MaaS) platform.
Further investigation revealed that the platform registers around 35 new domains every month and is active in at least 21 countries, including Indonesia, Thailand, Spain and Turkey.
The article continues below
Political and military ties
The domains spoof legitimate government and banking websites. Victims who download the fake software must go through the Know Your Customer (KYC) process, where the attackers harvest personal data, biometrics and more.
Once installed, the malware gives the attackers control over the device, including intercepting SMS messages for one-time codes and using actual banking apps to transfer money.
At the same time, several trapped workers contacted Chong Lua Dao and requested rescue from K99 Triumph City – a compound in Sihanoukville, Cambodia previously flagged by the United Nations for large-scale fraud and forced labor.
After being rescued, the closed group shared chat logs, screenshots and other data confirming that a service-based malware distribution and scam operation was running on associated infrastructure and that multiple tracked domains were used in the scam.
The research also revealed that there is a small, tight-knit group of politically connected individuals who control who gets access to the K99 connection. This centralized organization has people at the top with political cover and the most significant name that emerged is Senator Kok An.
He is apparently a well-known figure in Sihanoukville’s casino and real estate world, and his name has appeared in several reports linking the city’s gambling and organized crime infrastructure to political power.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
