Android Banking Trojan Linked to Cambodian Scam Operations
Severity: High (Score: 68.0)
Sources: Securitybrief.Au, Securitybrief.Asia, Cfotech.Au
Summary
Infoblox Threat Intel has identified a mobile banking trojan linked to scam compounds in Cambodia, specifically the K99 Triumph City site, which has been previously flagged for forced labor and large-scale scams. This operation is characterized by a malware-as-a-service platform that registers 35 fraudulent domains monthly, impersonating banks and government agencies across at least 21 countries. The trojan targets users primarily in Indonesia, Thailand, Spain, and Türkiye, persuading them to install fake applications that compromise their devices. Once installed, the malware can capture biometric data, intercept SMS codes, and access banking applications, facilitating unauthorized fund transfers. This marks a significant escalation from social engineering scams to direct financial theft. The findings highlight the organized nature of these operations, which combine human trafficking with sophisticated cybercrime tactics. Authorities and security researchers have long suspected these connections, and this research provides concrete evidence linking the two.

Key Points:
• The Android banking trojan is linked to Cambodian scam compounds, affecting users in 21 countries.
• Malware operates through a service model, registering 35 new fraudulent domains monthly.
• Trojan captures biometric and SMS data to bypass security measures in mobile banking.