InfoSecBulletin Cybersecurity for mankind
Cybersecurity firm Sophos has uncovered a pig-butchering ring that managed to steal over $1 million from its victims in just three months.
Translated from Chinese as “shā zhū pán,” this intriguing term describes a captivating blend of romance and fraud, skillfully coaxing victims into investing in deceptive cryptocurrency ventures.
Hacker compromised over 2000 Palo Alto Networks Firewalls
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records
CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE
Apple Releases Patch for two Actively Exploited Zero-Day
Maxar Space Data Leak, Company admit, Investigation ongoing!
GitHub CLI Vulnerability Could Allow RCE
“Sarcoma” ransomware group
Hacker to disclose “Popular Life Insurance” 36 GB of stolen data
BugHunt 2024: A Milestone Cyber security Competition held at Dhaka
TP-Link DHCP Vulnerability Allow Attackers Takeover Routers Remotely
WSJ reports
T-Mobile hacked in massive breach of telecom networks
An investigation was launched by Sophos following a courageous step from one of the victims, known as “Frank,” who chose to remain anonymous to safeguard his identity.
Frank claimed that he had suffered a significant financial loss of $22,000 earlier this year. He tragically fell victim to a deceitful individual who identified themselves as a German woman named “Vivian” on the dating application MeetMe.
Sophos’ researchers found 14 domains related to a scam operation. They also discovered many similar fraudulent websites. These websites were used by a group of pig butchers to make over $1 million in three months.
For weeks, Frank and Vivian, who was actually a scammer working for the ring, had frequent communication on MeetMe. Vivian, who claimed to be a US resident, persistently blended her romantic commitments with relentless efforts to persuade Frank into investing in cryptocurrency.
From May 31st to June 5th, Frank diligently deposited funds into his Trust Wallet account. Despite being a legitimate service, the pig butchers managed to deplete the funds in just three days. According to Sophos, these scams thrive due to the unregulated environment of decentralized finance (DeFi) cryptocurrency trading applications.
Sophos says that these applications establish “liquidity pools” consisting of different cryptocurrencies, which users can utilize to execute trades between different cryptocurrencies. By participating in the pool, you are entitled to a percentage of the fees generated from each trade, which offers a truly enticing return on your investment.
However, the true test lies at the moment when the investor finalizes an online smart contract – typically granting pool operators authorization to access wallets for trade facilitation purposes.
While it’s great to have a pool that operates legitimately, unfortunately, this one did not.
Sophos stated that pig butchers are using fake pools more and more to steal funds from their targets, employing a similar modus operandi. However, unlike legitimate pools, these scammers eventually deceive others and selfishly drain the entire liquidity pool.
