Chinese nationals are arrested during a police raid on suspicion of running an online love scam syndicate that ensnared hundreds of victims, in Indonesia’s Riau Islands province. —Photo by STR/AFP via Getty Images
For the past few years, it’s escaped no one that levels of Internet and telephone fraud have skyrocketed. One in four adults worldwide lost money to scams last year, according to the Global Anti-Scam Alliance NGO, while 13% encountered an attempted scam at least once a day. Globally, over $1 trillion is lost to online fraud annually in what the U.N. has dubbed a “scamdemic.”
The vast majority originates from Southeast Asia, where some 300,000 people from over 65 countries have been trafficked into fortified compounds predominantly in Myanmar, Laos, and Cambodia. From these “scam prisons,” victims are forced to orchestrate romance-investment cons, crypto fraud, money laundering, and illegal gambling. In Cambodia alone, online fraud is estimated to generate $12.5 billion annually, or half the country’s formal GDP, according to a 2024 estimate by the U.S. Institute of Peace. It’s little wonder the war-ravaged nation of 18 million has earned a snide moniker: “Scambodia.”
However, recent law enforcement crackdowns and greater awareness of scamming tactics means that “pig-butchering” operations—the term stems from fattening a hog for slaughter—have become much more sophisticated and professional. It’s a shift highlighted by a new report released TK by California-based cybersecurity firm InfoBlox, which reveals how scam compounds have pivoted from duping unwitting individuals to dispatching revolutionary remote access trojans that function like surveillance software with complete device control. This malware gives full monitoring of victims’ activities—messages, photos, notes, etc.—can exfiltrate all personal and sensitive data, grant attackers complete access to devices, and can even install secondary malicious programs after infection.
InfoBlox says these trojans have already targeted at least 20 countries across the globe—everywhere from the Philippines and Morocco to Brazil—but affect a much broader global pool of potentially millions of devices. By impersonating trusted entities—including tax offices, police, airlines, and banks—the scammers share fake or modified apps to bypass security and drain victims’ bank accounts. These are typically on the Android operating system and downloaded from app interfaces that closely mimic official platforms like Google Play. These are no longer simple scams: It’s a scalable, industrialized cybercrime ecosystem that combines malware, social engineering, organized crime, and political protection.
“You’ve had this professionalization of fraud,” says Jeremy Douglas, deputy director of Operations at the UNODC. “This is the future of the scam business.”
At the same time, the AI revolution that had already upended every industry is lending a helping hand to these scams: Firstly, by generating bespoke scam scripts, translating cons into a variety of languages, and creating fake photos and videos to more convincingly dupe victims. Secondly, AI is displacing swathes of entry-level tech jobs, with hiring by big tech companies halving over the past three years, meaning there’s no shortage of willing recruits with the talent and wherewithal to wreak havoc across the globe.
“AI is making it harder and harder for people to get a job, especially those with a criminal background,” says Hieu Minh Ngo, a Vietnamese former hacker turned cybersecurity specialist who founded the non-profit Chong Lua Dao, or Scam Fighters, and collaborated with InfoBlox for its report. “Before, people got trafficked against their will to scam compounds. Nowadays, people go there willingly to work.”
What is emerging is a “perfect storm,” says Douglas, where AI tools, advanced malware, and economic doldrums combine to catalyse exponentially more damaging and capable industrial scale fraud. “It is much more sophisticated than it was three years ago,” he says. “They’re making so much money they can reinvest in new tech to push the scams harder and faster globally.”
The scamdemic has its roots in illicit gambling, which has long been run by Chinese organized crime syndicates. But when the physical casinos along China’s periphery were shuttered by the COVID-19 pandemic, these “Triad” gangs used the same illicit communications systems used to facilitate online betting to convert derelict casinos into scamming hubs.
At the outset, scams were typically long cons, whereby “dog pushers”—as the lowly scammers are known—would spend weeks and even months developing a rapport and earning trust of their marks, often romantically. Only then would they bring up the subject of money—usually some crypto investment scheme, which involved depositing cash into a compromised online wallet that after modest returns to encourage larger “investments” would eventually be siphoned away.
The new tactics are far swifter and more destructive. Often, a victim will receive a phone call from a scammer pretending to be from a trusted institution, such as a utilities company or law enforcement. At one six-story abandoned scam center in the Cambodian border town of O’Smach, investigators found rooms kitted out to resemble the offices of police forces from Australia, Brazil, Singapore, and China, complete with fake uniforms, insignia, and identity cards.
Under some guise of urgency—an unpaid fine or other transgression—the victim would be directed to download an app that closely mimics the institution’s real one. During the attack, a fake “know your customer” verification screen is shown and that data is harvested. In addition, biometric data such as facial recognition is secretly captured. The attackers then have access to everything on the victim’s phone, can intercept SMS one time password (OTP) codes, and use that info to log into their banking apps to empty their accounts.
“At that point, they can literally do whatever they want with you,” says John Wojcik, a senior threat researcher at Infoblox. “It’s really sophisticated stuff that’s expansive and aggressive. It’ll ruin your life.”
InfoBlox identified fake apps impersonating airlines, banks, insurance commission, government tourism authorities, and tax departments. While attacks are currently focused on financial fraud and draining the accounts of victims, InfoBlox says the level of access these trojans offer would allow expansion into extortion, blackmail, and corporate breaches including ransomware attacks on companies. It represents a stark shift from simple scams to highly organized, scalable cybercrime infrastructure, which is sold as “cybercrime-as-a-service” in Telegram chatrooms.
In addition, a February report by Washington-based non-profit C4ADS found that AI tools enable scammers to operate globally and at scale, with sophisticated AI chatbots helping scammers deceive targets, target more nationalities via fluent translation, and empowering bosses to control their trafficked workforce via AI-powered monitoring tools. Deceptive by Design: The AI-Enabled Tools Fueling the Scam Industry details how several purveyors of AI tools appear to be deliberately targeting scam compounds with bespoke capabilities tailored to their nefarious work.
“They’ll feed their scripts and have the AI tools generate what prompts to tell the victims,” says Jacob Sims, a visiting fellow focused on the global scam industry at Harvard University’s Asia Center. “They also use some open source AI platforms to develop their own custom tools that are actually built for purpose.”
C4ADS’s findings chime with the experiences of Nyuyen Van Luu, 28, a Vietnamese national who was rescued from a scam center near Cambodia’s border city of Poipet in March after being snared the previous May. When his family hit hard times, Nyuyen found a broker in Thailand on Telegram who offered $350,000 for his kidney. But after he travelled to Bangkok supposedly for the organ harvesting, he was instead spirited over the border to Cambodia, where he says a Chinese boss from Anhui province abruptly told him: “This is a scam center. The only options are to work here, be sold elsewhere, or call home to ransom you.”
Nyuyen tells TIME that AI tools were frequently used in his compound to edit scripts or create fake photos—pasting the face of a romance con “catfish” into a particular scenario, such as visiting famous tourist sites or riding in supercars or luxury yachts.
While pig butchering operations are veering toward the sophisticated and professional, horrendous abuses persist. Nyuyen’s compound was surrounded by a 12-ft wall of barbed wire and guard posts. It held around a thousand people split into three office buildings each with an attached dormitory, where each bedroom slept a dozen people. For those who met their targets, there were perks like KTV, bars, restaurants, a hospital, and even sex workers. However, those who failed to meet their targets were beaten, electrocuted in the face and genitals, and subjected to sexual assault including rape.
Military police examine computers, smartphones and other equipment seized during a raid on a scam centre in Kandal province, Cambodia on July 17, 2025 —STR/POOL/AFP via Getty Images
“I once witnessed someone beaten to death,” he recalls. “Two people hanged themselves by tying pieces of clothing together. Some committed suicide by taking pills. Those who died had their bodies dumped in the basement.”
Despite the depravity of his conditions, Nyuyen estimates that only 65-70% of people in his compound were trafficked, with the rest working out of choice. For while criminality and corruption may incubate the scamdemic, it is poverty that drives so many thousands into the clutches of these Triad gangs—whether knowingly or not. And Nyuyen has little doubt that state corruption allowed his compound to thrive.
“After three months, I contacted the Cambodian police and received no response,” says Nyugen. “Another friend did the same thing and was reported by the police and then tortured and sold elsewhere. When we moved from the old area to the new area of Poipet, there were police cars that escorted us away. It seems they made quite a bit of money from this.”
Cambodia’s government vehemently denies involvement with the scam industry. However, the U.S. Dismantle Foreign Scam Syndicates Act blames “corrupt local politicians” and “corrupt leaders in Cambodia, Laos and Burma” for the scamdemic, and InfoBlox’s own report echoes the testimony of victims like Nyugen who allege official complicity.
Late last year, several dog-pushers contacted Chong Lua Dao seeking rescue from the K99 Triumph City compound in Cambodia’s coastal resort town of Sihanoukville. K99 Triumph City is a cybercrime hub linked to the Vigorish Viper triad syndicate in Sihanoukville’s notorious Chinatown district, which comprises several heavily fortified casinos and scam compounds linked to a tight-knit cabal of politically connected insiders, including Cambodian political and military elites. Following the captives’ rescue from K99 Triumph City, they shared private chat logs, screenshots, and other data that confirmed a service-based malware distribution and scam operation was running on associated infrastructure.
According to official corporate registry filings obtained by InfoBlox, K99 Triumph City is owned by Cambodia’s K99 Group, a conglomerate consisting of a range of casino and online gambling operations, property development, and investment companies. The group is chaired by tycoon Rithy Raksmei, also known as Xie Liguang, who is related by marriage to Cambodian Senator Kok An, one of the country’s wealthiest men who is wanted by Thai authorities in connection with fraud and money laundering.
Both men are named in the U.S. Dismantle Foreign Scam Syndicates Act concerning foreign persons allegedly involved in transnational criminal syndicates. Also named in the legislation is Yim Leak, a former director at Royal Union Investment company and casino, which shares the K99 site, and is the son of Cambodian Deputy Prime Minister Yim Chhay Ly. In February, Thai authorities issued a temporary seizure of $400 million worth of assets linked to Yim Leak, Kok An, and other alleged kingpins owing to their suspected connection to transnational fraud.
After mounting international pressure, including U.K. and U.S. sanctions imposed in October against the alleged scamming kingpin Chen Zhi, Cambodia has promised to crack down on cybercrime. Chen, a Chinese-born businessman who built the vast Prince Group conglomerate in Cambodia, was extradited to China in January.
Since then, Cambodia claims to have closed 200 scam sites, deported 30,000 suspected foreign scammers, while 210,000 others voluntarily left the country. The scam industry would be eliminated by the end of April, officials claimed. “The scam network, what we call the black economy, is destroying our honest economy. It has put a bad reputation on Cambodia,” Prime Minister Hun Manet told AFP in February.
Sims remains skeptical, however. “The Cambodian government’s PR campaign has definitely stepped it up a notch,” he says. “It’s much more coherent, it’s less bombastic, and much more speaking the language of a sanitized international organization. But their actual behavior does not really look like a country that is trying in good faith to eliminate this, but more just protecting the interests of their chief patrons.”
In fact, experts believe that the Western sanctions and Chinese arrest warrants have simply made the scammers shift their focus from English and Chinese-speaking victims to those of the Global South. This is partly due to decreased culpability and the fact that people from across Latin America and Africa are believed to be less attuned to the risks and tactics of scammers and don’t have access to the most advanced security tools.
Douglas of the UNODC believes the focus on the Global South is also so the scammers can hone their malware on less prominent targets before unleashing refined versions on the corpulent West. “It’s in these environments where they can do a lot of testing and perfecting of the tool,” he says. “They can refine this malware and then shift it into the Global North, where they may hit Canadians or Americans or Europeans.”
Hieu has some simple advice for people to avoid being scammed by the new advanced malware: always ensure any app is installed from an official app store, never willingly approve “remote operation” privileges, and be very wary of downloading any .apk format file. Still, Hieu warns: “It’s getting more and more sophisticated all the time.”