Scams, Slaves and (Malware-as-a) Service: Tracking a Trojan to Cambodia’s Scam Centers
ID: 5f265ac6-d614-5b0f-a09f-514c7e49d842
STIX ID: report--5f265ac6-d614-5b0f-a09f-514c7e49d842
Feed Name: Infoblox Threat Intel Blog
Infoblox Threat Intel and partner Chong Lua Dao describe an active Android banking trojan offered as malware-as-a-service (MaaS). It is used to distribute malicious APKs via lookalike government and banking lure sites, enabling real-time surveillance, SMS/OTP interception, biometric capture, and financial fraud. The operation is large-scale and multilingual, links to scam centers (including K99 Triumph City), and registers ~35 domains/month. Identified domains, C2 IPs, and malware hashes are included.
