52岁的Ambar Nigrum在印度尼西亚日惹的一名慈善机构会计师，收到“税务局”冒充者的更新信息请求后，点击了一个链接并安装了伪装成政府税务应用的程序。该应用在她未察觉的情况下采集了指纹、银行账户、相机、照片、麦克风、联系人和备忘录；之后超过4.5亿印尼盾（约26,500美元）被盗，约等于10名员工一年的工资。

这起案件显示，诈骗正从低技术、耗时较长的“投资/浪漫”引诱转向高自动化、低延迟的传播型攻击。该窃取者可快速横向扩散至受害者通讯录中的所有联系人，从周转效率看，攻击规模远超传统“逐一培育”模式。

报告将该骗局置于持续升级的地区犯罪格局中：木马追踪显示至少从2023年起在运行，覆盖20多个国家；联合国估计相关网络犯罪产业每年可达5,000亿美元，规模已与非法毒品贸易可比，且至少有数十万人被迫为犯罪团伙提供劳动力，说明其组织化和劳动力动员效应在上升。

Ambar Nigrum, a 52-year-old accountant in Yogyakarta, Indonesia, followed a link from someone claiming to be from the tax office, installed a fake government tax app, and unknowingly exposed her thumbprint, bank accounts, camera, photos, microphone, contacts, and notes. Criminals then stole more than 450 million rupiah (about $26,500), an amount equivalent to one year of salaries for 10 staff members.

Investigators describe a clear trend shift: instead of low-tech scams such as investment or romance frauds that require weeks or months of grooming, attackers now deploy spyware through contact-chain propagation, making the attack much faster and potentially scalable to millions of devices. The Infoblox-detected spyware linked to this case appears to have operated since at least 2023, was used across more than 20 countries, and is supplied by Chinese-speaking vendors via platforms like Telegram rather than built in-house.

Southeast Asia’s cyber-fraud industry is estimated to generate over $500 billion annually, on par with illegal-drug trade, and is concentrated in heavily guarded compounds in places such as Cambodia and Myanmar. UN figures that gang leaders have forced hundreds of thousands into this work, while criminals continue role-switching across borders (Indonesian tax officers, South Korean immigration staff, South African police, India Supreme Court staff), and now testing AI chatbots, deepfake voices, and facial-recognition evasion, suggesting future malware waves may be harder to detect and more convincing.

Source: Scam Inc has a new weapo

Subtitle: For the first time, investigators have traced spyware to its physical origin—revealing new types of duplicity

Dateline: 4月 16, 2026 04:16 上午