{"id":5802,"date":"2026-04-12T11:11:04","date_gmt":"2026-04-12T04:11:04","guid":{"rendered":"https:\/\/chongluadao.vn\/blog\/?p=5802"},"modified":"2026-04-12T13:24:02","modified_gmt":"2026-04-12T06:24:02","slug":"lua-dao-no-le-va-maas","status":"publish","type":"post","link":"https:\/\/chongluadao.vn\/blog\/2026\/04\/lua-dao-no-le-va-maas\/","title":{"rendered":"Scams, slaves and MaaS: tracing a Trojan to scam centers in Cambodia"},"content":{"rendered":"\n<p>Malware-assisted financial fraud and remote-access attacks are on the rise as industrial-scale scam operations in Southeast Asia continue to proliferate. Many countries in the region have repeatedly issued official warnings over the past three years. 
Yet tracing a specific malware family back to these notorious compounds has remained a hard problem until now.<\/p>\n\n\n\n<p>Working with the threat intelligence team at <a href=\"https:\/\/www.infoblox.com\/\" target=\"_blank\" rel=\"noopener\">Infoblox<\/a>, a cybersecurity company headquartered in California, USA, Ch\u1ed1ng L\u1eeba \u0110\u1ea3o <a href=\"https:\/\/chongluadao.vn\/posts\/chong-lua-dao-tham-gia-cuoc-dieu-tra-toan-cau-ve-vu-khi-moi-cua-toi-pham-lua-dao:-ai-ma-doc-va-con-bao-hoan-hao\">investigated<\/a> an Android trojan operated from multiple locations, including the K99 Triumph City compound in Cambodia. This conclusion is based on technical analysis, testimony from people who escaped, and evidence obtained from inside the compound by the trafficking victims themselves.<\/p>\n\n\n\n<p>The compound has been widely documented by the United Nations and many other organizations as a scam center with ties to senior, powerful politicians, and as one that uses forced labor to run large-scale malicious messaging, calling and email campaigns.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Background to the investigation<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Discovery of a Malware-as-a-Service platform<\/h3>\n\n\n\n<p>A spike in DNS queries from customers' cloud environments led Infoblox researchers to discover a piece of malware. Through analysis, they determined it to be a sophisticated <strong><a href=\"https:\/\/chongluadao.vn\/blog\/maas\">Malware-as-a-Service (MaaS)<\/a><\/strong> platform. The platform is capable of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Real-time monitoring of all activity on the victim's device<\/li>\n\n\n\n<li>Stealing login credentials and biometric data (fingerprint, face)<\/li>\n\n\n\n<li>Intercepting SMS messages and calls<\/li>\n\n\n\n<li>Remote access to the camera and microphone<\/li>\n\n\n\n<li>Installing additional malware after the device has been compromised<\/li>\n\n\n\n<li>Full remote control of the device, like professional monitoring software<\/li>\n<\/ul>\n\n\n\n<p>The researchers also found hundreds of domains used to attack victims, many of them carefully designed to impersonate government agencies. These DNS anomalies were first observed a year ago, but traces of this Trojan family may date back to at least 2023.<\/p>\n\n\n\n<p>An estimated 35 new domains are registered each month. Among customers using <em>Infoblox Threat Defense Cloud<\/em>, the most heavily affected regions are Southeast Asia, Europe and Latin America. The highest query volumes were recorded from customers in Indonesia, Thailand, Spain and Turkey, showing this actor's global reach and potential impact.<\/p>\n\n\n\n<div class=\"wp-block-kadence-image kb-image5802_328e2a-01\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1400\" height=\"780\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/SCAMS_map-Artboard_1.BIRdhg3M.png\" alt=\"\" class=\"kb-img wp-image-5804\"\/><figcaption><strong>Figure 1.<\/strong><em> Countries affected by the related malware cluster, as observed by Infoblox<\/em><\/figcaption><\/figure><\/div>\n\n\n\n<p>Further investigation revealed infrastructure and behavioral overlaps between this MaaS platform and earlier activity by the threat actors tracked as <strong>Vigorish Viper<\/strong> and <strong>Vault Viper<\/strong>. These links expose a large-scale, multilingual scam campaign targeting victims in at least 21 countries across 4 continents (as shown in Figure 1).<\/p>\n\n\n\n<p>Based on linguistic indicators, infrastructure patterns and operational characteristics, the researchers assess that this malware most likely belongs to an unidentified Chinese-speaking MaaS administrator. 
This person currently provides services to multiple scam dens in the Mekong subregion, which are used as bases for distributing malware and carrying out online fraud. Numerous reports have documented forced labor in this area.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Evidence from inside the scam compound<\/h3>\n\n\n\n<p>From several victims who were detained and forced to carry out scams inside the <strong>K99 Triumph City<\/strong> compound, <strong><a href=\"http:\/\/chongluadao.vn\">Ch\u1ed1ng L\u1eeba \u0110\u1ea3o<\/a><\/strong> collected the evidence needed to establish the link to this specific Trojan family. 
Key details about the scams' internal workings provided by escapees, together with Ch\u1ed1ng L\u1eeba \u0110\u1ea3o's malware analysis, laid the groundwork for the investigation team to go deeper and monitor the operation in real time.<\/p>\n\n\n\n<p>The researchers saw first-hand how alarmingly invasive this trojan is: it gives attackers full control of the infected device, letting them monitor victims and steal data directly. The team also found evidence of C2 (Command and Control) panels segmented by target country (for example, \u201cIndonesia Group,\u201d \u201cBrazil Group,\u201d \u201cEgypt Group\u201d) and, in some cases, by the names of individual \u201ccustomers.\u201d 
This points to a well-organized operational hierarchy with tightly coordinated management.<\/p>\n\n\n\n<p>This report includes details of the scam campaign gathered directly from people who were held captive at the K99 compound and forced to take part in cybercrime. Beyond witness accounts, the escapees also provided screenshots that serve as direct evidence reinforcing the link between the domains Infoblox is tracking and activity at this compound.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Origins and DNS patterns<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Anomalous DNS queries<\/h3>\n\n\n\n<p>In March 2025, Infoblox researchers observed a spike in customer queries (Figure 2), alongside a sharp rise in domain registrations. The data shows that most affected customers were in Southeast Asia, Europe and Latin America, with the highest query volumes coming from Indonesia, Thailand, Spain and Turkey. 
These anomalies prompted them to investigate and ultimately uncover an Android banking trojan.<\/p>\n\n\n\n<div class=\"wp-block-kadence-image kb-image5802_c3aa0e-6d\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"2085\" height=\"867\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/querry-doc-hai.png\" alt=\"\" class=\"kb-img wp-image-5807\"\/><figcaption><strong>Figure 2. <\/strong>Malware-related DNS query volume across the Infoblox Threat Defense Cloud customer base, January to December 2025. <em>Source: Infoblox<\/em><\/figcaption><\/figure><\/div>\n\n\n\n<p>The campaign remains highly active, with about 35 new domains registered each month. 
The attackers use both domains produced by a Registered Domain Generation Algorithm (RDGA) and lookalike domains, which are designed to impersonate legitimate organizations and public services in order to distribute malware.<\/p>\n\n\n\n<p>These domains are carefully staged to impersonate banks, pension funds, social security organizations, utility providers (electricity, water), as well as tax, immigration, telecommunications and law enforcement agencies. The table below gives some examples.<\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Domain<\/strong><\/th><th><strong>Impersonated target (country\/organization)<\/strong><\/th><\/tr><\/thead><tbody><tr><td>vsgo[.]cc<\/td><td>Philippine Social Security System<\/td><\/tr><tr><td>nmxgo[.]cc<\/td><td>South African Police<\/td><\/tr><tr><td>orgo[.]cc<\/td><td>Indonesian State Pension Fund<\/td><\/tr><tr><td>idphil[.]net<\/td><td>Philippine Department of Information and Communications<\/td><\/tr><tr><td>immigration-kr[.]net<\/td><td>South Korean Immigration Service<\/td><\/tr><tr><td>openbank-es[.]com<\/td><td>Openbank Spain<\/td><\/tr><tr><td>googleplay[.]djppajakgoid[.]com<\/td><td>Indonesian Directorate General of Taxes<\/td><\/tr><tr><td>cedula-registraduria-gov[.]org<\/td><td>Colombia's National Civil Registry<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Infrastructure and lure analysis<\/h3>\n\n\n\n<p>Figure 3 below shows some examples of the lure pages used. Recently the campaign has broadened in both geography and theme, adding lures targeting airlines and e-commerce platforms and expanding into countries in Africa and Latin America.<\/p>\n\n\n\n<div class=\"wp-block-kadence-image kb-image5802_3e0b88-c8\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"284\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers-figure3.png\" alt=\"\" class=\"kb-img wp-image-5812\"\/><figcaption><strong>Figure 3.<\/strong> Screenshots of lure pages used to distribute the malware, impersonating organizations such as Brazil's federal tax authority, the airline Ryanair, the bank Openbank and the South African police. <em>Source: Infoblox<\/em><\/figcaption><\/figure><\/div>\n\n\n\n<p>The researchers analyzed 400 lure domains registered in 2025 and used to defraud victims and infect them with malware. The evidence shows these domains are part of a centrally coordinated and managed campaign designed to scale and to stay resilient (against takedowns).<\/p>\n\n\n\n<p>Lure-domain registrations are concentrated at Hong Kong-based registrars such as Dominet (64%), Domain International Services (10%) and Namemart (formerly Domain International Services, 7%), which together account for 81% of the identified infrastructure (Figure 4). The actor strongly favors top-level domains (TLDs) such as <code>.com<\/code>, <code>.top<\/code> and <code>.cc<\/code>, which make up about 86% of all domains. 
Most of these domains are hidden behind Cloudflare's services.<\/p>\n\n\n\n<div class=\"wp-block-kadence-image kb-image5802_542b8a-de\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"2135\" height=\"993\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/hinh-3.png\" alt=\"\" class=\"kb-img wp-image-5813\"\/><figcaption><strong>Figure 4.<\/strong> Distribution of registrars for lure domains. <em>Source: Infoblox<\/em><\/figcaption><\/figure><\/div>\n\n\n\n<p>There is a clear strategy behind the domain names: a prefix of 2 to 5 characters followed by a carefully chosen suffix (usually \u2018<code>go<\/code>\u2019 or \u2018<code>gov<\/code>\u2019). 
This is most likely intended to mimic official government top-level domains such as <code>.go<\/code> and <code>.gov<\/code>, supporting social engineering and impersonation of state agencies. In some cases the domains also include suffixes denoting a specific geographic target, such as \u2018<code>ph<\/code>\u2019, \u2018<code>th<\/code>\u2019 and <strong>\u2018<code>vn<\/code>\u2019<\/strong> (Vietnam), as well as longer suffixes such as \u2018<code>ind<\/code>\u2019, \u2018<code>mxco<\/code>\u2019, \u2018<code>peru<\/code>\u2019 and \u2018<code>africa<\/code>\u2019.<\/p>\n\n\n\n<p>Domains used for C2 and other admin panels follow a slightly different naming scheme and use TLDs such as <code>.top<\/code>, <code>.xyz<\/code>, <code>.vip<\/code> and <code>.pro<\/code>. There is, however, a clear preference for <code>.top<\/code> (39 of the 42 active C2 domains). 
All C2 domains use the registrars Domain International Services and Namemart and the name servers of DomainNameDNS.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Attack chain<\/h2>\n\n\n\n<p>The attack has multiple stages and uses a highly customizable kit that can produce many variants of the malware (Figure 5). Through a variety of lures, users are directed to a website impersonating a trusted service, usually one related to a bank or government agency.<\/p>\n\n\n\n<div class=\"wp-block-kadence-image kb-image5802_8a684d-de\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"2724\" height=\"865\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/Attack-chain-1.png\" alt=\"\" class=\"kb-img wp-image-5816\"\/><figcaption><strong>Figure 5.<\/strong> Simplified attack chain of the banking Trojan (APK file).<\/figcaption><\/figure><\/div>\n\n\n\n<p>These lure pages ask the user to download a mobile app. The site uses Base64-encoded JavaScript to deliver a 23MB Trojan packaged as an APK. 
When the user taps the download button, the script fetches the file in chunked segments while showing a fake progress bar, ultimately leading to the malware being installed on the device.<\/p>\n\n\n\n<p>Once the APK runs, the app displays a fake login screen similar to the examples in Figure 6. The actual login interface varies depending on the specific target of each campaign.<\/p>\n\n\n\n<div class=\"wp-block-kadence-image kb-image5802_7cce53-5b\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"496\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers-figure6.png\" alt=\"\" class=\"kb-img wp-image-5817\"\/><figcaption><strong>Figure 6.<\/strong> Screenshots of fake post-installation login screens impersonating Thailand's Provincial Electricity Authority, Brazil's federal tax authority and LATAM Airlines. <em>Source: Infoblox<\/em><\/figcaption><\/figure><\/div>\n\n\n\n<p>Once installed, the malware operates as a full-featured banking Trojan with a range of surveillance and intrusion capabilities. As shown in Figure 7, its core functions include real-time remote control, SMS and call interception, camera and microphone access, credential harvesting and the ability to install additional malware. 
It also contains a comprehensive device fingerprinting module that systematically collects detailed hardware and system information, then aggregates it and sends it to the attacker's C2 server.<\/p>\n\n\n\n<div class=\"wp-block-kadence-image kb-image5802_7a08d3-04\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"375\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers-figure7.png\" alt=\"\" class=\"kb-img wp-image-5818\"\/><figcaption><strong>Figure 7.<\/strong> <em>Core functions of the malware, as analyzed by Ch\u1ed1ng L\u1eeba \u0110\u1ea3o researchers.<\/em><\/figcaption><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Inside the malware<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Analysis of the attack samples<\/h3>\n\n\n\n<p>As shown in Figures 8 and 9, when reviewing the source code, Ch\u1ed1ng L\u1eeba \u0110\u1ea3o researchers found that some early samples contained hard-coded information such as the IP address, port, login API, decryption key and other data, whereas later samples use an internal decryption function to retrieve the IP address dynamically at runtime, removing any static trace from the code. This change, together with updated timestamps in <code>BuildConfig<\/code>, indicates that the malware is still under active development.<\/p>\n\n\n\n<div class=\"wp-block-kadence-image kb-image5802_4acf81-7d\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"347\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers-figure8.png\" alt=\"\" class=\"kb-img wp-image-5820\"\/><figcaption><strong>Figure 8.<\/strong> Build configuration showing the hard-coded C2 server IP address and other data<\/figcaption><\/figure><\/div>\n\n\n\n<div class=\"wp-block-kadence-image kb-image5802_c7dfe8-4d\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"496\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers-figure9.png\" alt=\"\" class=\"kb-img wp-image-5819\"\/><figcaption><strong>Figure 9.<\/strong> Another malware sample that no longer exposes a hard-coded C2 IP address.<\/figcaption><\/figure><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Hunting for the C2 servers<\/h3>\n\n\n\n<p>Given the weak operational security (OPSEC) in the older samples, it was reasonable to expect other mistakes as well. It did not take long for Ch\u1ed1ng L\u1eeba \u0110\u1ea3o to find a C2 server exposed by a lack of proper access controls. 
This allowed the investigators to monitor the activity of multiple operators and to observe the infection process and attacker behavior directly, in real time.<\/p>\n\n\n\n<p>Through access to the exposed infrastructure, the experts observed operators deploying customizable permission-request dialogs and fake screens drawn over legitimate apps (overlays) to deceive victims. At the same time, the operators exfiltrated a range of data, including contacts, notes, photos, SMS messages and call logs. This data can be used immediately to support follow-on attacks. The operators also used a web-based admin panel to manage many infected devices at once, with workflows that differed from victim to victim.<\/p>\n\n\n\n<p>As shown in Figure 10, during an operation the victim sees an overlay screen requesting digital verification or electronic identification (KYC). 
Meanwhile, the attacker triggers biometric capture in the background. The facial recognition data is then used to log in to the victim's online banking app without the victim's knowledge. By intercepting the SMS OTP sent by the bank, the operator gains full access to the victim's bank account and can transfer money wherever they want.<\/p>\n\n\n<style>.kb-image5802_dcc3c9-cc.kb-image-is-ratio-size, .kb-image5802_dcc3c9-cc .kb-image-is-ratio-size{max-width:761px;width:100%;}.wp-block-kadence-column > .kt-inside-inner-col > .kb-image5802_dcc3c9-cc.kb-image-is-ratio-size, .wp-block-kadence-column > .kt-inside-inner-col > .kb-image5802_dcc3c9-cc .kb-image-is-ratio-size{align-self:unset;}.kb-image5802_dcc3c9-cc figure{max-width:761px;}.kb-image5802_dcc3c9-cc .image-is-svg, .kb-image5802_dcc3c9-cc .image-is-svg img{width:100%;}.kb-image5802_dcc3c9-cc .kb-image-has-overlay:after{opacity:0.3;}<\/style>\n<div class=\"wp-block-kadence-image kb-image5802_dcc3c9-cc\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"433\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers-figure10.png\" alt=\"\" class=\"kb-img wp-image-5821\"\/><figcaption><strong>Figure 10.<\/strong> Screenshots from the Ch\u1ed1ng L\u1eeba \u0110\u1ea3o investigation: 1) An operator 
instructing a victim in the Philippines, via Facebook Messenger, to install the malicious APK hosted on the domain <code>sss.oiago[.]cc<\/code>; 2) The operator then deploys a fake KYC verification screen; 3) and 4) The operator withdrawing the victim's money from BBVA Mexico.<\/figcaption><\/figure><\/div>\n\n\n\n<p>The MaaS administrator uses distinctive subdomains, including \u2018<code>kef<\/code>\u2019, \u2018<code>ador<\/code>\u2019, \u2018<code>rpc<\/code>\u2019, as well as \u2018<code>adm<\/code>\u2019 and \u2018<code>apim<\/code>\u2019, for the C2 servers and the various Android application management panels. This regular subdomain naming let the experts build \u201csignatures\u201d to discover additional command-and-control (C2) servers. These servers are typically set up to serve several different criminal groups at the same time. The system includes a series of C2 panels organized by target country (such as the Indonesia, Brazil and Egypt groups) or by the name of the individual customer renting the service. 
This points to a highly professional, tightly coordinated operation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Analysis of the management infrastructure<\/h3>\n\n\n\n<p>Digging deeper, the experts also found dedicated sections used for developing modified banking apps and reverse engineering, for testing facial recognition, and for bypassing malware detection. The operators have even integrated AI chatbots and voice-spoofing (deepfake) technology into the attack workflow. Examples are shown in Figures 11 and 12.<\/p>\n\n\n<style>.kb-image5802_a1d6bf-db .kb-image-has-overlay:after{opacity:0.3;}<\/style>\n<div class=\"wp-block-kadence-image kb-image5802_a1d6bf-db\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"247\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers-figure11.png\" alt=\"\" class=\"kb-img wp-image-5825\"\/><figcaption><strong>Figure 11.<\/strong> Screenshots of sample admin panels for dedicated campaigns targeting Thailand and Africa.<\/figcaption><\/figure><\/div>\n\n\n<style>.kb-image5802_7a1a38-2b .kb-image-has-overlay:after{opacity:0.3;}<\/style>\n<div class=\"wp-block-kadence-image kb-image5802_7a1a38-2b\"><figure 
class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"308\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers-figure12.png\" alt=\"\" class=\"kb-img wp-image-5824\"\/><figcaption><strong>Figure 12.<\/strong> Screenshots of the management panels for the facial recognition and AI tools<\/figcaption><\/figure><\/div>\n\n\n\n<p>While analyzing the MaaS administrator's APK management platform (hosted, ironically, on the domain <code>safeapk[.]xyz<\/code>), the Ch\u1ed1ng L\u1eeba \u0110\u1ea3o experts found many custom apps designed to impersonate organizations in Thailand. As shown in Figure 13, the list includes apps impersonating Thai Airways, Kasikorn Bank, LX International, the Office of Insurance Commission (OIC) and the Tourism Authority of Thailand. 
These findings are consistent with attack campaigns previously observed in historical DNS records.<\/p>\n\n\n<style>.kb-image5802_87f14d-6e.kb-image-is-ratio-size, .kb-image5802_87f14d-6e .kb-image-is-ratio-size{max-width:820px;width:100%;}.wp-block-kadence-column > .kt-inside-inner-col > .kb-image5802_87f14d-6e.kb-image-is-ratio-size, .wp-block-kadence-column > .kt-inside-inner-col > .kb-image5802_87f14d-6e .kb-image-is-ratio-size{align-self:unset;}.kb-image5802_87f14d-6e figure{max-width:820px;}.kb-image5802_87f14d-6e .image-is-svg, .kb-image5802_87f14d-6e .image-is-svg img{width:100%;}.kb-image5802_87f14d-6e .kb-image-has-overlay:after{opacity:0.3;}<\/style>\n<div class=\"wp-block-kadence-image kb-image5802_87f14d-6e\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"864\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers-figure13.png\" alt=\"\" class=\"kb-img wp-image-5823\"\/><figcaption><strong>Figure 13.<\/strong> Screenshot of an APK management panel.<\/figcaption><\/figure><\/div>\n\n\n\n<p>Analysis of the infrastructure and related domains shows that the same system has been used for a range of activities, including phishing and cryptocurrency investment scams, or <a href=\"https:\/\/chongluadao.vn\/blog\/pigbutchering\" target=\"_blank\" rel=\"noreferrer noopener\">pig butchering<\/a>. 
The actors used domains such as <code>lx-yindu[.]top<\/code> and <code>orbiixtrade[.]com<\/code> to impersonate the Supreme Court of India and the Thai cryptocurrency trading platform Orbix (Figure 14); the domain impersonating the Indian court was reported in an official notice from the Indian government.<\/p>\n\n\n<style>.kb-image5802_f733ee-ea.kb-image-is-ratio-size, .kb-image5802_f733ee-ea .kb-image-is-ratio-size{max-width:738px;width:100%;}.wp-block-kadence-column > .kt-inside-inner-col > .kb-image5802_f733ee-ea.kb-image-is-ratio-size, .wp-block-kadence-column > .kt-inside-inner-col > .kb-image5802_f733ee-ea .kb-image-is-ratio-size{align-self:unset;}.kb-image5802_f733ee-ea figure{max-width:738px;}.kb-image5802_f733ee-ea .image-is-svg, .kb-image5802_f733ee-ea .image-is-svg img{width:100%;}.kb-image5802_f733ee-ea .kb-image-has-overlay:after{opacity:0.3;}<\/style>\n<div class=\"wp-block-kadence-image kb-image5802_f733ee-ea\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1558\" height=\"582\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers-figure14.png\" alt=\"\" class=\"kb-img wp-image-5822\"\/><figcaption><strong>Figure 14.<\/strong> Screenshots of sample phishing and investment scam (pig butchering) pages.<\/figcaption><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">OPSEC is really hard (especially when using forced labor)<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Victims 
speak out from the inside<\/h3>\n\n\n\n<p>In late 2025, several detainees contacted <strong><a href=\"http:\/\/chongluadao.vn\" target=\"_blank\" rel=\"noreferrer noopener\">Ch\u1ed1ng L\u1eeba \u0110\u1ea3o<\/a><\/strong> asking to be rescued from a compound in Sihanoukville, Cambodia, a cybercrime hub linked to the <strong>Vigorish Viper<\/strong> group. They said they had been beaten and tortured with electric shocks for failing to meet performance targets. These allegations are fully consistent with reports from the United Nations and many other organizations that have documented similar incidents in this area in recent years.<\/p>\n\n\n\n<p>After being successfully rescued from the K99 compound, the victims gave the investigation team important evidence, ranging from private group chat logs and screenshots to other related data. This material not only reinforces the earlier findings but also confirms that a malware distribution and fraud-as-a-service (MaaS) operation is running on the related infrastructure. 
Notably, the evidence shows that some domains in Infoblox's original data cluster (Figure 15) were used directly in scam campaigns, providing a solid basis for concluding that this entire chain of findings is directly tied to the K99 site (Figure 16).<\/p>\n\n\n<style>.kb-image5802_13d4e0-83 .kb-image-has-overlay:after{opacity:0.3;}<\/style>\n<div class=\"wp-block-kadence-image kb-image5802_13d4e0-83\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"458\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers-figure15.png\" alt=\"\" class=\"kb-img wp-image-5829\"\/><figcaption><strong>Figure 15.<\/strong> Screenshot of domains used to impersonate the Ministry of Public Security, the Ministry of Finance and the General Department of Taxation, distributed to operators in private chat groups of the scam network based at K99 Triumph City, Sihanoukville, Cambodia.<\/figcaption><\/figure><\/div>\n\n\n<style>.kb-image5802_6b23ec-cf.kb-image-is-ratio-size, .kb-image5802_6b23ec-cf .kb-image-is-ratio-size{max-width:747px;width:100%;}.wp-block-kadence-column > .kt-inside-inner-col > .kb-image5802_6b23ec-cf.kb-image-is-ratio-size, .wp-block-kadence-column > .kt-inside-inner-col > .kb-image5802_6b23ec-cf 
.kb-image-is-ratio-size{align-self:unset;}.kb-image5802_6b23ec-cf figure{max-width:747px;}.kb-image5802_6b23ec-cf .image-is-svg, .kb-image5802_6b23ec-cf .image-is-svg img{width:100%;}.kb-image5802_6b23ec-cf .kb-image-has-overlay:after{opacity:0.3;}<\/style>\n<div class=\"wp-block-kadence-image kb-image5802_6b23ec-cf\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"370\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers-figure16.png\" alt=\"\" class=\"kb-img wp-image-5828\"\/><figcaption><strong>Figure 16.<\/strong> Message from a detained victim to Ch\u1ed1ng L\u1eeba \u0110\u1ea3o asking to be rescued from a location identified as K99 Triumph City in Sihanoukville, Cambodia.<\/figcaption><\/figure><\/div>\n\n\n\n<p>The experts examined the work device of one insider victim and found profiles of targeted victims built from personal data and detailed business information, along with pre-written attack scripts and forged government documents for social engineering purposes. 
Of particular note is a notice impersonating a state agency about a new digital identification and VAT reduction program for registered Vietnamese businesses, which was used to send to targeted business owners or employees. Related campaigns also impersonate dozens of other public services, from electricity and water utilities to law enforcement agencies.<\/p>\n\n\n<style>.kb-image5802_6bf0f8-df.kb-image-is-ratio-size, .kb-image5802_6bf0f8-df .kb-image-is-ratio-size{max-width:781px;width:100%;}.wp-block-kadence-column > .kt-inside-inner-col > .kb-image5802_6bf0f8-df.kb-image-is-ratio-size, .wp-block-kadence-column > .kt-inside-inner-col > .kb-image5802_6bf0f8-df .kb-image-is-ratio-size{align-self:unset;}.kb-image5802_6bf0f8-df figure{max-width:781px;}.kb-image5802_6bf0f8-df .image-is-svg, .kb-image5802_6bf0f8-df .image-is-svg img{width:100%;}.kb-image5802_6bf0f8-df .kb-image-has-overlay:after{opacity:0.3;}<\/style>\n<div class=\"wp-block-kadence-image kb-image5802_6bf0f8-df\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"457\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers-figure17.png\" alt=\"\" class=\"kb-img wp-image-5831\"\/><figcaption><strong>Figure 17.<\/strong> 
Screenshot of the insider's work device at K99 Triumph City<\/figcaption><\/figure><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">The fraud and asset theft process<\/h3>\n\n\n\n<p>According to the person who escaped the scam compound, workers there first contact the target by phone using <strong>eyeBeam<\/strong> (a voice-over-IP, or VoIP, calling application) to impersonate government officials. They then move the conversation to the popular messaging app <strong>Zalo<\/strong> and send a link or QR code that leads the victim to the lure page (described above). There, they instruct the victim to install the malicious APK and grant elevated permissions on the device, while telling the victim to ignore any security warnings from the system.<\/p>\n\n\n\n<p>The operator then closely monitors the infected device before using the harvested credentials to access the victim's banking app. 
They intercept the one-time password (OTP) sent by SMS for identity verification and, finally, manipulate the victim into completing biometric authentication (facial recognition) through a very professional-looking overlay screen. By this point, the victim fully believes these actions are required to comply with the \u201cnew government program\u201d.<\/p>\n\n\n\n<p>The harsh reality is that the victim has just completed the final step of handing the scammers full access to their online bank account. 
This sequence of events is shown in Figure 18 below, using images captured from a real attack.<\/p>\n\n\n<style>.kb-image5802_941c0d-6d .kb-image-has-overlay:after{opacity:0.3;}<\/style>\n<div class=\"wp-block-kadence-image kb-image5802_941c0d-6d\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"896\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers-figure18.png\" alt=\"\" class=\"kb-img wp-image-5832\"\/><figcaption><strong>Figure 18.<\/strong> Screenshots of a scammer deploying the KYC verification overlay and using the victim's face scan data in the background to take over access to the online bank account.<\/figcaption><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">K99 Group and its links to Vigorish Viper and Vault Viper<\/h2>\n\n\n\n<p>According to official corporate registration records, the <strong>K99 Triumph City<\/strong> compound is owned by <strong>K99 Group (Cambodia)<\/strong>. This is a conglomerate active in casinos, online gambling, real estate development and investment. 
The group is chaired by the tycoon <strong>Rithy Raksmei<\/strong> (also known as Xie Liguang). He is a member of the family of Senator <strong>Kok An<\/strong>, one of the richest people in Cambodia, who has been named in the media as wanted by Thai authorities in connection with online fraud and money laundering.<\/p>\n\n\n\n<p>Both individuals were recently named in a U.S. House of Representatives resolution (H.R. 5490), alleged to be foreign individuals linked to transnational criminal organizations and to sustaining large-scale online scam operations. Reports also describe them as facilitators of criminal networks operating in Southeast Asia through formal business partnerships. 
These include gangs led by the underworld boss <strong>Alvin Chau<\/strong> (Suncity Group) and <strong>Dong Lecheng<\/strong> (who is under UK and US sanctions), along with many others connected to one of the most notorious clusters of scam centers in Sihanoukville, Cambodia, commonly known as \u201cChinatown\u201d (Figure 19).<\/p>\n\n\n<style>.kb-image5802_726b08-9c.kb-image-is-ratio-size, .kb-image5802_726b08-9c .kb-image-is-ratio-size{max-width:619px;width:100%;}.wp-block-kadence-column > .kt-inside-inner-col > .kb-image5802_726b08-9c.kb-image-is-ratio-size, .wp-block-kadence-column > .kt-inside-inner-col > .kb-image5802_726b08-9c .kb-image-is-ratio-size{align-self:unset;}.kb-image5802_726b08-9c figure{max-width:619px;}.kb-image5802_726b08-9c .image-is-svg, .kb-image5802_726b08-9c .image-is-svg img{width:100%;}.kb-image5802_726b08-9c .kb-image-has-overlay:after{opacity:0.3;}<\/style>\n<div class=\"wp-block-kadence-image kb-image5802_726b08-9c\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"569\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers-figure19.png\" alt=\"\" class=\"kb-img wp-image-5833\"\/><figcaption><strong>Figure 19.<\/strong> Key scam center locations associated with the extended K99 network in Sihanoukville, Cambodia. 
<em>Source: Cyber Scam Monitor, March 2025.<\/em><\/figcaption><\/figure><\/div>\n\n\n\n<p>According to <a href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/vault-viper-high-stakes-hidden-threats\/\" target=\"_blank\" rel=\"noopener\">an earlier report<\/a> by Infoblox, \u201cChinatown\u201d is a secluded area containing numerous casinos and heavily guarded scam compounds. Since development began around 2017, it has quickly become one of the largest high-tech fraud hubs in the world. These developments have extensive ties to Chinese-speaking criminal networks associated with the names of Kok An and Rithy Raksmei.<\/p>\n\n\n\n<p>The concentration of actors in this area points to a highly centralized ecosystem in which a small group of politically connected \u201cinsiders\u201d act as key enablers, providing access, protection and operational continuity for transnational criminal groups. 
Individuals linked to these compounds have been documented as connected to regional criminal gangs through high-profile partnership signing ceremonies, overlapping corporate structures and shared technical infrastructure.<\/p>\n\n\n\n<p>Recent reports from human rights groups and other sources indicate that K99 Triumph City remains active despite the Cambodian government's crackdowns on cybercrime and scams, a pattern commonly seen across large-scale scam center networks.<\/p>\n\n\n\n<p>Beyond K99's reported links to Senator Kok An, the network has long been described as having close ties to Cambodia's political and military elite (shown in Figures 20, 21 and 22). Most notable is K99's co-location with the investment company and casino <strong>Royal Union<\/strong>, and with that company's former Director, <strong>Yim Leak<\/strong>, the son of Deputy Prime Minister Yim Chhay Ly. 
Yim Leak is also named in the U.S. Congress's draft Dismantle Foreign Scam Syndicates Act. Interestingly, historical records of Leak's involvement in the company have been removed from Cambodia's official business registry in recent months. Fortunately, however, investigators have retained copies of these records.<\/p>\n\n\n<style>.kb-image5802_184c3e-52 .kb-image-has-overlay:after{opacity:0.3;}<\/style>\n<div class=\"wp-block-kadence-image kb-image5802_184c3e-52\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"292\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers-figure20.png\" alt=\"\" class=\"kb-img wp-image-5836\"\/><figcaption><strong>Figure 20.<\/strong> Tycoon Rithy Raksmei attending the K99 Triumph City groundbreaking ceremony with Cambodian Senator Kok An in January 2019. 
<em>Source: The Cambodia-China Times.<\/em><\/figcaption><\/figure><\/div>\n\n\n<style>.kb-image5802_e37a6c-8c .kb-image-has-overlay:after{opacity:0.3;}<\/style>\n<div class=\"wp-block-kadence-image kb-image5802_e37a6c-8c\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"958\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers-figure21.png\" alt=\"\" class=\"kb-img wp-image-5835\"\/><figcaption><strong>Figure 21.<\/strong> (Left) Photo of the Royal Union Casino sign at the K99 Triumph City compound in Sihanoukville, December 2023. (Right) Photo of Rithy Raksmei with Yim Leak at Leak's wedding in Bangkok, November 2018. (Bottom) Cambodian business registration record showing Yim Leak's role at Royal Union Investment. <em>Source: Simon Menet, Facebook and the Cambodian Ministry of Commerce, March 2026.<\/em><\/figcaption><\/figure><\/div>\n\n\n<style>.kb-image5802_84e1d6-3d .kb-image-has-overlay:after{opacity:0.3;}<\/style>\n<div class=\"wp-block-kadence-image kb-image5802_84e1d6-3d\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"292\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers-figure22.png\" alt=\"\" class=\"kb-img wp-image-5834\"\/><figcaption><strong>Figure 22.<\/strong> (Left) Screenshot of a K99 Group donation to the Cambodian military, August 2020. 
(Right) One of many documented meetings between Rithy Raksmei and Cambodia's current Prime Minister, Hun Manet, December 2021.<em> Source: Facebook.<\/em><\/figcaption><\/figure><\/div>\n\n\n\n<p>In February 2026, Thailand's Anti-Money Laundering Office (AMLO) and Civil Court issued a temporary order <strong>seizing assets worth THB 13.07 billion (approximately USD 407 million)<\/strong> linked to Yim Leak, Kok An and others as part of investigations into transnational high-tech scam operations.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Persistent Activity and Adaptability<\/h2>\n\n\n\n<p>This actor's malicious infrastructure remains active and highly resilient. At the time of writing, hundreds of domains were supporting multiple concurrent campaigns across three continents. 
Activity tied to this infrastructure keeps changing and expanding, sustaining large-scale campaigns that target countries such as Thailand, Indonesia, the Philippines and <strong>Vietnam<\/strong>, while diversifying its targets into Africa and Latin America.<\/p>\n\n\n\n<p>Continuous monitoring shows persistent domain rotation through RDGA algorithms and newly registered lookalike domains, which points to unrelenting demand from criminal networks in the region. The researchers also observed new lures being added continuously, alongside old domains being reused for new campaigns.<\/p>\n\n\n\n<p>Figure 23 illustrates this shift: one domain moved from a lure impersonating the Philippine government to targeting customers of a bank in Morocco, while another domain previously used for investment scams in Thailand was repurposed to impersonate the Philippine government in order to distribute a malicious APK file.<\/p>\n\n\n<style>.kb-image5802_8855e7-c6.kb-image-is-ratio-size, .kb-image5802_8855e7-c6 
.kb-image-is-ratio-size{max-width:760px;width:100%;}.wp-block-kadence-column > .kt-inside-inner-col > .kb-image5802_8855e7-c6.kb-image-is-ratio-size, .wp-block-kadence-column > .kt-inside-inner-col > .kb-image5802_8855e7-c6 .kb-image-is-ratio-size{align-self:unset;}.kb-image5802_8855e7-c6 figure{max-width:760px;}.kb-image5802_8855e7-c6 .image-is-svg, .kb-image5802_8855e7-c6 .image-is-svg img{width:100%;}.kb-image5802_8855e7-c6 .kb-image-has-overlay:after{opacity:0.3;}<\/style>\n<div class=\"wp-block-kadence-image kb-image5802_8855e7-c6\"><figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"693\" src=\"https:\/\/chongluadao.vn\/blog\/wp-content\/uploads\/2026\/04\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers-figure23.png\" alt=\"\" class=\"kb-img wp-image-5837\"\/><figcaption><strong>Figure 23.<\/strong> (Top) Example of a lure changing from impersonating the Philippine government on egov.nbsvgo[.]cc to targeting customers of a Moroccan bank. (Bottom) The domain vsgo[.]cc, once used for investment scams impersonating the Certified Finance Institute (CFI) in Thailand, is now reused to impersonate the Philippine government in order to distribute a malicious APK.<\/figcaption><\/figure><\/div>\n\n\n\n<p>The investigation team's research shows how agile and flexible the criminal groups in scam centers are at quickly putting readily available tools into real-world operation. 
With an abundant multilingual workforce, growing technical capability and enormous profits, they do not merely adopt malware, infrastructure and social engineering techniques but also customize and commercialize them into flexible, highly scalable attack models.<\/p>\n\n\n\n<p>What exists today is a fast-moving, experimental ecosystem driven strongly by commercial interest, in which tools are continually reused, improved and redeployed to maximize reach and profit. In this environment, \u201cinnovation&#8221; is not a barrier but the baseline, allowing these networks to sustain and expand complex multi-market scam operations at extreme speed.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><em>This article is a collaboration between Infoblox Threat Intel and Ch\u1ed1ng L\u1eeba \u0110\u1ea3o. All technical analysis and visual evidence originate from the two organizations' joint research. 
Original article: <a href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/scams-slaves-and-malware-as-a-service-tracking-a-trojan-to-cambodias-scam-centers\/\" target=\"_blank\" rel=\"noopener\">Infoblox Blog<\/a>.<\/em><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Starting from a MaaS platform, Ch\u1ed1ng L\u1eeba \u0110\u1ea3o and Infoblox jointly investigated and traced it to scam centers in Cambodia. [&#8230;]<span class=\"screen-reader-text\"> from Scams, Slaves and MaaS: Tracing a Trojan to the Scam Centers in Cambodia<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":5805,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5802","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/chongluadao.vn\/blog\/wp-json\/wp\/v2\/posts\/5802","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/chongluadao.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chongluadao.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/chongluadao.vn\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/chongluadao.vn\/blog\/wp-json\/wp\/v2\/comments?post=5802"}],"version-history":[{"count":16,"href":"https:\/\/chongluadao.vn\/blog\/wp-json\/wp\/v2\/posts\/5802\/revisions"}],"predecessor-version":[{"id":5846,"href":"https:\/\/chongluadao.vn\/blog\/wp-json\/wp\/v2\/posts\/5802\/revisions\/5846"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/chongluadao.vn\/blog\/wp-json\/wp\/v2\/media\/5805"}],"wp:attachment":[{"hre
f":"https:\/\/chongluadao.vn\/blog\/wp-json\/wp\/v2\/media?parent=5802"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chongluadao.vn\/blog\/wp-json\/wp\/v2\/categories?post=5802"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/chongluadao.vn\/blog\/wp-json\/wp\/v2\/tags?post=5802"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}