Criminals Leverage “As-a-Service” Business Model with Sha Zhu Pan Kits, Globally Expanding Cryptocurrency Fraud

By Soko Directory Team / Published February 5, 2024 | 4:47 pm



invest in Bitcoin Sprout plant and bitcoin, growth of bitcoin crypto currency concept

Sophos has revealed how sha zhu pan scammers—those conducting elaborate, romance-based cryptocurrency fraud—are leveraging a business model similar to cybercrime “as-a-service” by selling sha zhu pan kits on the dark web, globally expanding to new markets.

Sophos details these advanced sha zhu pan operations [also known as pig butchering] in the article, “Cryptocurrency Scams Metastasize into New Forms.” Originating from organized crime gangs in China, the new kits provide the technical components needed to implement a specific pig butchering scheme called “DeFi savings.”

Criminals position DeFi savings scams as passive investment opportunities that are similar to money market accounts, oftentimes to people who have no understanding of crypto. Victims only need to connect their crypto wallet to a “brokerage account,” with the expectation that they will earn significant interest from their investment. In reality, victims are adding their crypto wallets to a fraudulent cryptocurrency trading pool, which the fraudsters then empty.

“When pig butchering first appeared during the time of the COVID pandemic, the technical aspects of the scams were still relatively primitive and required a lot of effort and guidance to successfully scam victims. Now, as the scams have become more successful and the fraudsters have refined their techniques, we’re seeing a similar evolution to what we’ve seen with ransomware and other types of cybercrime in the past: the creation of an as-a-service model. Pig butchering rings are creating ready-made DeFi app kits, which other cybercriminals can purchase on the dark web. As a result, new pig butchering rings that are unaffiliated with Chinese organized crime groups are appearing in areas like Thailand, West Africa, and even the U.S.

As with other types of commercialized cybercrime, these kits lower the entry barriers for cybercriminals interested in pig butchering and vastly expand the victim pool. Last year, pig butchering was already a multi-billion-dollar fraud phenomenon; sadly, the problem is likely only to grow exponentially this year,” said Sean Gallagher, principal threat researcher, at Sophos.

Sophos X-Ops has been tracking the evolution of pig butchering schemes for two years. The earliest iterations—dubbed by Sophos as “CryptoRom” scams—involved connecting with potential victims on dating apps and then convincing them to download fraudulent crypto trading applications from third-party sources. For iOS users, these scams required victims to download an elaborate workaround that allowed scammers to bypass security on victims’ devices and gain access to their wallets.

In 2022, the scammers continued to refine their operations, this time finding ways to bypass App Store review processes to sneak their fraudulent apps into the legitimate App Store and Google Play Store. This was also the year that a new scam pattern emerged: fake cryptocurrency trading pools [liquidity mining].

In 2023, Sophos X-Ops uncovered two vast pig butchering rings—one based out of Hong Kong and one based out of Cambodia. These rings leveraged legitimate crypto trading apps and created elaborate fake personas to lure victims and steal millions from them. Further investigation revealed that pig butchering operators were adding AI to their arsenal.

At the end of 2023, Sophos X-Ops uncovered a vast liquidity mining operation involving three separate Chinese organized crime rings targeting nearly 100 victims. During the investigation into this operation, Sophos X-Ops first noticed the availability of pig butchering scam kits.

In the most recent pig butchering operations that Sophos X-Ops has investigated, the fraudsters have removed any previous technological impediments, as well as significantly lowered the amount of social engineering required to steal from victims. In the DeFi savings schemes, victims now engage in fraudulent crypto trading through legitimate, well-known cryptocurrency apps and give [albeit unknowingly] the scammers direct access to their wallets. In addition, the scammers can conceal the wallet network that launders stolen crypto, making the scams harder for law enforcement to track.

“The DeFi savings scams are the culmination of two years of pig butcherers refining their operations. Gone are the days when scammers had to convince victims to download some strange app or transfer the crypto themselves into a soon-to-be-stolen digital wallet.

“The fraudsters have also learned how to better ‘market’ their schemes. They’re taking advantage of how liquidity mining pools operate to steal the funds by telling victims it’s a simple investment account. This is often an easier sell, especially since most people don’t understand the ins and outs of cryptocurrency trading and everything is done under the guise of trusted brands.

“In other words, it’s never been easier for people to fall victim to pig butchering, which means it’s never been more important to be aware that these scams exist—and know what to look out for,” said Gallagher.

Read Also: Sophos Maintains The Lead As The Only Endpoint Protection Platforms For The 14th Consecutive Time




About Soko Directory Team

Soko Directory is a Financial and Markets digital portal that tracks brands, listed firms on the NSE, SMEs and trend setters in the markets eco-system.Find us on Facebook: facebook.com/SokoDirectory and on Twitter: twitter.com/SokoDirectory

View other posts by Soko Directory Team


More Articles From This Author








Trending Stories










Other Related Articles










SOKO DIRECTORY & FINANCIAL GUIDE



ARCHIVES

2024
  • January 2024 (238)
  • February 2024 (227)
  • March 2024 (190)
  • April 2024 (133)
  • May 2024 (157)
  • June 2024 (145)
  • July 2024 (91)
  • 2023
  • January 2023 (182)
  • February 2023 (203)
  • March 2023 (322)
  • April 2023 (298)
  • May 2023 (268)
  • June 2023 (214)
  • July 2023 (212)
  • August 2023 (257)
  • September 2023 (237)
  • October 2023 (264)
  • November 2023 (286)
  • December 2023 (177)
  • 2022
  • January 2022 (293)
  • February 2022 (329)
  • March 2022 (358)
  • April 2022 (292)
  • May 2022 (271)
  • June 2022 (232)
  • July 2022 (278)
  • August 2022 (253)
  • September 2022 (246)
  • October 2022 (196)
  • November 2022 (232)
  • December 2022 (167)
  • 2021
  • January 2021 (182)
  • February 2021 (227)
  • March 2021 (325)
  • April 2021 (259)
  • May 2021 (285)
  • June 2021 (272)
  • July 2021 (277)
  • August 2021 (232)
  • September 2021 (271)
  • October 2021 (305)
  • November 2021 (364)
  • December 2021 (249)
  • 2020
  • January 2020 (272)
  • February 2020 (310)
  • March 2020 (390)
  • April 2020 (321)
  • May 2020 (335)
  • June 2020 (327)
  • July 2020 (333)
  • August 2020 (276)
  • September 2020 (214)
  • October 2020 (233)
  • November 2020 (242)
  • December 2020 (187)
  • 2019
  • January 2019 (251)
  • February 2019 (215)
  • March 2019 (283)
  • April 2019 (254)
  • May 2019 (269)
  • June 2019 (249)
  • July 2019 (335)
  • August 2019 (293)
  • September 2019 (306)
  • October 2019 (313)
  • November 2019 (362)
  • December 2019 (318)
  • 2018
  • January 2018 (291)
  • February 2018 (213)
  • March 2018 (275)
  • April 2018 (223)
  • May 2018 (235)
  • June 2018 (176)
  • July 2018 (256)
  • August 2018 (247)
  • September 2018 (255)
  • October 2018 (282)
  • November 2018 (282)
  • December 2018 (184)
  • 2017
  • January 2017 (183)
  • February 2017 (194)
  • March 2017 (207)
  • April 2017 (104)
  • May 2017 (169)
  • June 2017 (205)
  • July 2017 (189)
  • August 2017 (195)
  • September 2017 (186)
  • October 2017 (235)
  • November 2017 (253)
  • December 2017 (266)
  • 2016
  • January 2016 (164)
  • February 2016 (165)
  • March 2016 (189)
  • April 2016 (143)
  • May 2016 (245)
  • June 2016 (182)
  • July 2016 (271)
  • August 2016 (247)
  • September 2016 (233)
  • October 2016 (191)
  • November 2016 (243)
  • December 2016 (153)
  • 2015
  • January 2015 (1)
  • February 2015 (4)
  • March 2015 (164)
  • April 2015 (107)
  • May 2015 (116)
  • June 2015 (119)
  • July 2015 (145)
  • August 2015 (157)
  • September 2015 (186)
  • October 2015 (169)
  • November 2015 (173)
  • December 2015 (205)
  • 2014
  • March 2014 (2)
  • 2013
  • March 2013 (10)
  • June 2013 (1)
  • 2012
  • March 2012 (7)
  • April 2012 (15)
  • May 2012 (1)
  • July 2012 (1)
  • August 2012 (4)
  • October 2012 (2)
  • November 2012 (2)
  • December 2012 (1)
  • 2011
    2010
    2009
    2008
    2007
    2006
    2005
    2004
    2003
    2002
    2001
    2000
    1999
    1998
    1997
    1996
    1995
    1994
    1993
    1992
    1991
    1990
    1989
    1988
    1987
    1986
    1985
    1984
    1983
    1982
    1981
    1980
    1979
    1978
    1977
    1976
    1975
    1974
    1973
    1972
    1971
    1970
    1969
    1968
    1967
    1966
    1965
    1964
    1963
    1962
    1961
    1960
    1959
    1958
    1957
    1956
    1955
    1954
    1953
    1952
    1951
    1950