{"id":105115,"date":"2026-04-14T10:06:23","date_gmt":"2026-04-14T06:06:23","guid":{"rendered":"https:\/\/techxmedia.com\/en\/?p=105115"},"modified":"2026-04-14T10:06:24","modified_gmt":"2026-04-14T06:06:24","slug":"scam-operations-exposed-in-android-banking-trojan","status":"publish","type":"post","link":"https:\/\/techxmedia.com\/en\/scam-operations-exposed-in-android-banking-trojan\/","title":{"rendered":"Scam operations exposed in Android banking trojan"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<p>Scam operations linked to large-scale cybercrime networks have surged across Southeast Asia, alongside rising malware-enabled fraud and remote-access scams. Governments across the region have issued repeated warnings in recent years.<\/p>\n\n\n\n<p>In a new joint investigation, <a href=\"https:\/\/en.wikipedia.org\/wiki\/Infoblox\">Infoblox<\/a> Threat Intel and Vietnamese non-profit Chong Lua Dao uncovered an Android banking trojan linked to suspected scam operations. The malware is believed to be operated from multiple locations, including the K99 Triumph City compound in Cambodia. This site has previously been flagged by the UN and other organisations for large-scale scams and forced labour.<\/p>\n\n\n\n<p>Researchers identified the threat after detecting a spike in anomalous DNS traffic across Infoblox customer networks. This led them to a previously undocumented malware-as-a-service platform. The platform registers around 35 new domains every month. These domains spoof banks, social security agencies, tax authorities, utilities, and law enforcement bodies across at least 21 countries. Activity is most concentrated in Indonesia, Thailand, Spain, and T\u00fcrkiye.<\/p>\n\n\n\n<p>Once victims install fake government or banking applications, operators gain full control of the device. The trojan captures facial-recognition data during spoofed KYC checks. It also intercepts SMS one-time passcodes. In addition, it can silently log into mobile banking apps and move funds across borders. This turns biometrics and OTP systems into attack surfaces for account takeover fraud.<\/p>\n\n\n\n<p>According to Infoblox Threat Intel leadership, these are not isolated scams but industrial-scale operations. The research highlights how scam compounds are evolving into structured cybercrime factories. These systems combine malware distribution with advanced social engineering techniques such as pig butchering scams to steal banking credentials and monitor victims.<\/p>\n\n\n\n<p>The findings also warn that banks, fintech firms, and <a href=\"https:\/\/techxmedia.com\/en\/category\/government\/\">governments<\/a> must strengthen Android and mobile security beyond SMS verification and basic biometrics. Otherwise, they may face more coordinated cross-border attacks and increased regulatory pressure over mobile fraud resilience linked to scam operations.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Scam operations linked to large-scale cybercrime networks have surged across [&hellip;]<\/p>\n","protected":false},"author":58,"featured_media":105119,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1595,9621],"tags":[1051],"contributor":[9732],"class_list":["post-105115","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-emerging-technologies","tag-vendors","contributor-news-desk"],"featured_image_src":"https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2026\/04\/Banking-Apps_English-copy-21.jpg.jpeg","author_info":{"display_name":"Lubna","author_link":"https:\/\/techxmedia.com\/en\/author\/lubna\/"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/105115","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/users\/58"}],"replies":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/comments?post=105115"}],"version-history":[{"count":1,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/105115\/revisions"}],"predecessor-version":[{"id":105116,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/105115\/revisions\/105116"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media\/105119"}],"wp:attachment":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media?parent=105115"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/categories?post=105115"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/tags?post=105115"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/contributor?post=105115"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}