​Nearly 3,200 foreigners expelled from Cambodia in first 8 days of February​

Tycoon Ly Kuong, 50, has been detained in prison by the Phnom Penh court, accused of being involved in technology fraud, money laundering, human trafficking and using casinos and hotels to lure victims into cyberscams

Cambodia has frozen sales of luxury properties by a U.S.-sanctioned conglomerate after its founder was extradited to China and charged by Washington for allegedly running multibillion-dollar transnati...

With tech money flooding Washington, it’s fallen to California lawmakers and others to bring transparency to the industry. Here’s how they’re approaching this task.

 A recent investigation by Gen Digital’s Gen Threat Labs has brought attention to AuraStealer, a newly emerging malware-as-a-service offering that has begun circulating widely across underground cybercrime communities. First observed in mid-2025, the malware is being promoted as a powerful data-stealing tool capable of compromising a broad range of Windows operating systems. Despite its growing visibility, researchers caution that AuraStealer’s technical sophistication does not always match the claims made by its developers.  Unlike conventional malware campaigns that rely on covert infection techniques such as malicious email attachments or exploit kits, AuraStealer employs a strategy that places users at the center of their own compromise. This approach, described as “scam-yourself,” relies heavily on social engineering rather than stealth delivery. Threat actors distribute convincing video content on popular social platforms, particularly TikTok, presenting the malware execution process as a legitimate software activation tutorial.  These videos typically promise free access to paid software products. Viewers are guided through step-by-step instructions that require them to open an administrative PowerShell window and manually enter commands shown on screen. Instead of activating software, the commands quietly retrieve and execute AuraStealer, granting attackers access to the victim’s system without triggering traditional download-based defenses.  From an analysis perspective, AuraStealer incorporates multiple layers of obfuscation designed to complicate both manual and automated inspection. The malware disrupts straightforward code execution paths by dynamically calculating control flow at runtime, preventing analysts from easily tracing its behavior. It also leverages exception-based execution techniques, intentionally generating system errors that are intercepted by custom handlers to perform malicious actions. These tactics are intended to confuse security sandboxes and delay detection.  Functionally, AuraStealer targets a wide range of sensitive information. Researchers report that it is designed to harvest data from more than a hundred web browsers and dozens of desktop applications. Its focus includes credentials stored in both Chromium- and Gecko-based browsers, as well as data associated with cryptocurrency wallets maintained through browser extensions and standalone software.  One of the more concerning aspects of the malware is its attempt to circumvent modern browser protections such as Application-Bound Encryption. The malware tries to launch browser processes in a suspended state and inject code capable of extracting encryption keys. However, researchers observed that this technique is inconsistently implemented and fails across multiple environments, suggesting that the malware remains technically immature.  Despite being sold through subscription-based pricing that can reach several hundred dollars per month, AuraStealer contains notable weaknesses. Analysts found that its aggressive obfuscation introduces detectable patterns and that coding errors undermine its ability to remain stealthy. These shortcomings provide defenders with opportunities to identify and block infections before significant damage occurs.  While AuraStealer is actively evolving and backed by ongoing development, its emergence highlights a broader trend toward manipulation-driven cybercrime. Security professionals continue to emphasize that any online tutorial instructing users to paste commands into a system terminal in exchange for free software should be treated as a significant warning sign.

Scam compounds in the Mekong region are transnational organized crime networks that operate as multinational corporations with internal management hierarchies, surveillance systems, and forced-labor regimes.

Thai forces have bombed casinos and hotels allegedly used for transnational scams, including to target Americans.

A mysterious South African took over a sovereign nation, armed with a flood of untraceable wealth from scam compounds enslaving thousands. This is the story of how Chinese organized crime captured Tha...

YouTube video by B.C. Begley

Prosecutors in Taiwan, Hong Kong and Singapore seized hundreds of millions of dollars in assets belonging to a Cambodian businessman whom the U.S. accuses of heading a global scam syndicate.

Prosecutors in Taiwan, Hong Kong and Singapore seized hundreds of millions of dollars in assets belonging to a Cambodian businessman whom the U.S. accuses of heading a global scam syndicate.

Ministry of Justice Investigation Bureau/AP