InfoSecBulletin Cybersecurity for mankind
Cybersecurity firm Sophos has uncovered a pig-butchering ring that managed to steal over $1 million from its victims in just three months.
Translated from Chinese as “shā zhū pán,” this intriguing term describes a captivating blend of romance and fraud, skillfully coaxing victims into investing in deceptive cryptocurrency ventures.
Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE
For US$2.6bn, Mastercard acquires threat intelligence firm Recorded Future
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
An investigation was launched by Sophos following a courageous step from one of the victims, known as “Frank,” who chose to remain anonymous to safeguard his identity.
Frank claimed that he had suffered a significant financial loss of $22,000 earlier this year. He tragically fell victim to a deceitful individual who identified themselves as a German woman named “Vivian” on the dating application MeetMe.
Sophos’ researchers found 14 domains related to a scam operation. They also discovered many similar fraudulent websites. These websites were used by a group of pig butchers to make over $1 million in three months.
For weeks, Frank and Vivian, who was actually a scammer working for the ring, had frequent communication on MeetMe. Vivian, who claimed to be a US resident, persistently blended her romantic commitments with relentless efforts to persuade Frank into investing in cryptocurrency.
From May 31st to June 5th, Frank diligently deposited funds into his Trust Wallet account. Despite being a legitimate service, the pig butchers managed to deplete the funds in just three days. According to Sophos, these scams thrive due to the unregulated environment of decentralized finance (DeFi) cryptocurrency trading applications.
Sophos says that these applications establish “liquidity pools” consisting of different cryptocurrencies, which users can utilize to execute trades between different cryptocurrencies. By participating in the pool, you are entitled to a percentage of the fees generated from each trade, which offers a truly enticing return on your investment.
However, the true test lies at the moment when the investor finalizes an online smart contract – typically granting pool operators authorization to access wallets for trade facilitation purposes.
While it’s great to have a pool that operates legitimately, unfortunately, this one did not.
Sophos stated that pig butchers are using fake pools more and more to steal funds from their targets, employing a similar modus operandi. However, unlike legitimate pools, these scammers eventually deceive others and selfishly drain the entire liquidity pool.
