InfoSecBulletin Cybersecurity for mankind
Cybersecurity firm Sophos has uncovered a pig-butchering ring that managed to steal over $1 million from its victims in just three months.
Translated from Chinese as “shā zhū pán,” this intriguing term describes a captivating blend of romance and fraud, skillfully coaxing victims into investing in deceptive cryptocurrency ventures.
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
An investigation was launched by Sophos following a courageous step from one of the victims, known as “Frank,” who chose to remain anonymous to safeguard his identity.
Frank claimed that he had suffered a significant financial loss of $22,000 earlier this year. He tragically fell victim to a deceitful individual who identified themselves as a German woman named “Vivian” on the dating application MeetMe.
Sophos’ researchers found 14 domains related to a scam operation. They also discovered many similar fraudulent websites. These websites were used by a group of pig butchers to make over $1 million in three months.
For weeks, Frank and Vivian, who was actually a scammer working for the ring, had frequent communication on MeetMe. Vivian, who claimed to be a US resident, persistently blended her romantic commitments with relentless efforts to persuade Frank into investing in cryptocurrency.
From May 31st to June 5th, Frank diligently deposited funds into his Trust Wallet account. Despite being a legitimate service, the pig butchers managed to deplete the funds in just three days. According to Sophos, these scams thrive due to the unregulated environment of decentralized finance (DeFi) cryptocurrency trading applications.
Sophos says that these applications establish “liquidity pools” consisting of different cryptocurrencies, which users can utilize to execute trades between different cryptocurrencies. By participating in the pool, you are entitled to a percentage of the fees generated from each trade, which offers a truly enticing return on your investment.
However, the true test lies at the moment when the investor finalizes an online smart contract – typically granting pool operators authorization to access wallets for trade facilitation purposes.
While it’s great to have a pool that operates legitimately, unfortunately, this one did not.
Sophos stated that pig butchers are using fake pools more and more to steal funds from their targets, employing a similar modus operandi. However, unlike legitimate pools, these scammers eventually deceive others and selfishly drain the entire liquidity pool.
