Scams, Slaves and (Malware-as-a) Service: Tracking a Trojan to Cambodia’s Scam Centers

Infoblox Threat Intel and Chong Lua Dao detail an active, evolving Android banking trojan-as-a-service used by multilingual scam centers (including K99 Triumph City in Sihanoukville, Cambodia) to distribute malicious APKs via crafted lure domains impersonating government and financial services; the malware provides real-time remote monitoring, SMS/OTP interception, credential and biometric exfiltration, and is supported by hundreds of rotating domains and C2 servers, with technical IOCs and victim testimony linking the infrastructure to organized forced-labor scam operations.