Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam. It is not new. What is new is that apps perpetrating the scam can be downloaded from the official Apple and Android app stores – giving them greater apparent validity to targets.
The scam is a version of romance scam, where targets are befriended, lured in, persuaded to download a disguised malicious app, drawn into false cryptocurrency dealing, and defrauded. It’s a long game social engineering scam built on trust rather than fear, greed, or urgency.
It originated in China. When the Chinese authorities clamped down, the gangs decamped to places like Cambodia. Now, according to an analysis from Sophos, the gangs are well organized but as ugly as the scam. At the top of the hierarchy is the ‘head office’ which does supervision and money laundering.
The scam itself is subcontracted to affiliates, which have a front desk handling staffing, a tech team handling the technology involved, and a finance team looking after the money. Profits tend to be divided 60-40 – with 40% going to the head office.
At the bottom of the pile are the keyboarders who liaise with, and trick the targets. These are often victims themselves, sometimes foreigners lured into the process by the promise of earning money, and kept in the process by the threat of violence.
The new danger exposed by Sophos is not the scam (that’s not new) but the criminals’ success in getting malicious apps into the official app stores (Ace Pro and MBM_BitScan into the App Store, and BitScan into Google Play). This is not uncommon with Google Play, b ..
Support the originator by clicking the read the rest link below.
