We all know somebody who's been affected by an online scam - from romance and investment to more elaborate impersonation schemes. Scams like this are immensely lucrative, and usually run from South East Asia. But recently, pig butchering has expanded from coordinated scamming to an industry of its own.

Enterprising criminals have built SaaS scam turnkey solutions. Others created online marketplaces dedicated to supporting scams - one stop shops for buying social media accounts, pictures, SIM cards, and ready-made scam sites. Some groups even offer registered corporations with valid business licenses. This ecosystem has supercharged the raging billion-dollar scam epidemic, empowering anyone to become a scammer.

We call this Pig Butchering as a Service (PbaaS), and reveal in this paper the unique techniques and products offered on the fraud markets.

https://www.infoblox.com/blog/threat-intelligence/scaling-the-fraud-economy-pig-butchering-as-a-service/

#infoblox #infobloxthreatintel #scams #crypto #fraud #pigbutchering #shazhupan #threatintel

Scaling the Fraud Economy: Pig Butchering as a Service

Discover how Pig Butchering as a Service (PBaaS) enables cybercrime syndicates to scale global fraud through turnkey scam platforms fuelled by stolen data.


When your "privacy browser" comes with a built-in surveillance suite, it's probably not about privacy. Our latest research, in collaboration with UNODC, exposes Vault Viper. You might recognize them as "Baoying Group". They are running one of Asia's largest iGaming networks, BBIN, servicing scam centres and cyber-enabled fraud networks across the region.

At the center is the Universe Browser, promoted as a "privacy" and "anti-censorship" tool for illegal online gambling. In reality, it's a high-risk surveillance and exploitation platform designed to bypass detections, proxy access, and maintain persistent access across what we estimate to be millions of devices.

DNS analysis from Infoblox reveals tens of thousands of domains tied to Vault Viper's vast infrastructure, exposing a unique DNS fingerprint and operational control over their own corner of the internet.

But the story does not end here: BBIN is linked to dozens of commercial ventures - they even had their own airline!

👉 Read the full report here: https://blogs.infoblox.com/threat-intelligence/vault-viper-high-stakes-hidden-threats/

👉 We spoke to Wired to explain how cybercrime evolved: https://www.wired.com/story/universe-browser-malware-gambling-networks/

#CyberThreatIntel #Infoblox #DNS #VaultViper #riskware #Cybercrime #SoutheastAsia #threatintel #threatintelligence #cybersecurity #infosec #infobloxthreatintel #scam #tds #shazhupan #pigbutchering #malware

Vault Viper: DNS, Malware, and iGaming Infrastructure

Vault Viper is a threat actor leveraging DNS infrastructure and a custom browser for illegal gambling and organized crime across Southeast Asia.


Pig butchering scams - also called sha zhu pan - have gained a lot of attention over the last few years. People know these investment scams are connected to human trafficking, but it is less recognized how they relate to illegal gambling and offshore shell companies.

All of this fuels a massive criminal economy.

Thankfully, long-con scam operations on the internet often leave a strong DNS fingerprint. This enables us to connect physically identified scam compounds to domains - it's always the DNS! ;)

https://blogs.infoblox.com/threat-intelligence/pig-butchering-scams-and-their-dns-trail-linking-thr…

#dns #threatintelligence #shazhupan #crypto #cybersecurity #threatintel #pigbutchering #scam #infoblox

This would be fun, if I didn't know that the person on the other end is most likely not a willing grifter, but someone enslaved by the actual grifters.

#shazhupan

A short update on #pigbutchering #shazhupan #cryptoscammers #cryptoscamhongkong : I have seen increased use of T-Mobile and Telefonica prepaid wireless numbers used for WhatsApp accounts operated by scammers. A victim in Poland was contacted by a person claiming to be from China but in Germany, using a Hong Kong carrier number. They switched to a German Telefonica number, and "VIP Support" operated a US T-Mobile numbered account.

Sophos X-Ops has uncovered new insights into the evolving tactics deployed by pig butchering scammers.

X-Ops encountered a #shazhupan #pigbutchering ring that is using generative text AI chat to communicate with its targets. Sophos' @jag_chandra also found multiple additional fake crypto apps used by these rings that got past Apple and Google App Store review.

Headed home from Team Cymru's RISE-USA event a touch early because of travel weirdness. A full report on my talk (slightly redacted from TLP:Amber stuff I presented) posts on Monday, just before Valentine's Day. Appropriately, given the content. #shazhupan #PigButchering

The #shazhupan scammer mentioned earlier.

#shazhupan #cryptoscams #scambaiting #emptiness

Today, I got a video call on Telegram from my scammer. She is the person, or at least is visually very close to, the person in all the photos I've been getting. It was clear from the white background and other factors that she was in an office, probably in a booth designed for such calls. She mostly wanted to talk about whether I had downloaded the wallet and if I was ready for her to "teach" me how to invest.

I sent fake screenshots showing I had bought 2200 USDT (I bought 2 to get the proper layout for the balance screen). After it was done, I had the wallet addresses associated with this particular scam, and finally had the last of my IoCs. But I felt emotionally void. What a life these scammers must lead.

I cannot tell from demeanor whether the scammer is one of those who have had their passports taken away by the gangs that run these scams in Cambodia or if she was an entrepreneur. Her English was good and not accented, and did not match the English usage of some of the chat messages, so I have some indication that this is a farm operation.

I will say that it appears at least one of the wallets involved in this scam, which is only a month or so old, has had $1.8M worth of crypto flow through it. So there are still a lot of people falling for these scams. More to come as I get my report ready for publication.