Emma Okonji
Sophos, a global leader in innovating and delivering cybersecurity as a service, has revealed how sha zhu pan scammers that are conducting elaborate, romance-based cryptocurrency fraud, are leveraging a business model similar to cybercrime called ‘as-a-service’ by selling sha zhu pan kits on the dark web, thereby globally expanding to new markets.
Sophos details these advanced sha zhu pan operations (also known as pig butchering) in its article, “Cryptocurrency Scams Metastasize into New Forms.”
Giving details about the fraud, Principal Threat Researcher at Sophos, Sean Gallagher, said: “When pig butchering first appeared during the time of the COVID pandemic, the technical aspects of the scams were still relatively primitive and required a lot of effort and guidance to successfully scam victims. Now, as the scams have become more successful and the fraudsters have refined their techniques, we are seeing a similar evolution to what we have seen with ransomware and other types of cybercrime in the past, which is the creation of an ‘as-a-service’ model. Pig butchering rings are creating ready-made DeFi app kits, which other cybercriminals can purchase on the dark web. As a result, new pig butchering rings that are unaffiliated with Chinese organised crime groups are appearing in areas like Thailand, West Africa and even the US.
“As with other types of commercialised cybercrime, these kits lower the entry barriers for cybercriminals interested in pig butchering and vastly expand the victim pool. Last year, pig butchering was already a multi-billion-dollar fraud phenomenon, and the problem is likely only to grow exponentially this year.”
Sophos X-Ops has been tracking the evolution of pig butchering schemes for two years. The earliest iterations, dubbed by Sophos as ‘CryptoRom’ scams, involved connecting with potential victims on dating apps and then convincing them to download fraudulent crypto trading applications from third-party sources.
In 2022, the scammers continued to refine their operations, this time finding ways to bypass app store review processes to sneak their fraudulent apps into the legitimate App Store and Google Play Store. This was also the year that a new scam pattern emerged: fake cryptocurrency trading pools (liquidity mining).
