
Global Cybercrime Epidemic: Pig-Butchering Scams Exploit Vulnerable Victims and Flourish Amidst Enforcement Gaps


The phenomenon of “pig-butchering” scams has emerged as a significant cybercrime, exploiting vulnerabilities intensified by the Covid-19 pandemic. These schemes involve creating fraudulent investment platforms and manipulating victims emotionally, often targeting them through social media. Shockingly, these operations are frequently linked to human trafficking networks across Southeast Asia.

Central to these allegations is Wan Kuok-koi, also known as “Broken Tooth,” a former Macau gangster. According to The Wall Street Journal, Wan is believed to be a key figure behind these scams. Despite his alleged connections to organized crime, Wan remains at large, shedding light on the failures of international enforcement efforts.

Named for the analogy of “fattening” victims with trust before “butchering” them financially, pig-butchering scams typically involve scammers posing as friends or romantic partners online. Once trust is established, victims are persuaded to invest in fake cryptocurrency platforms, often losing vast sums of money.

One striking example involved a Kansas banker who embezzled $547.1 million from his own bank to cover his losses. A study by finance professor John Griffin found that criminal networks moved over $75 billion through cryptocurrency exchanges in just four years, with Tether being the most commonly used stablecoin.

“These are large criminal organized networks, and they’re operating largely unscathed,” Griffin stated.

Wan Kuok-koi, infamous for his leadership of Macau’s 14K Triad in the 1990s, served 14 years in prison for organized crime. After his release, he resurfaced as a businessman. In 2018, he established the Hongmen Association in Cambodia, which purported to be a cultural organization but has been linked to cybercrime operations.

The group's activities expanded into Myanmar with the establishment of the Dongmei Zone, described by investigators as one of the first scam compounds. At a 2020 ribbon-cutting ceremony, Wan appeared alongside militia members, solidifying the zone’s association with illicit activities. The U.S. Treasury has since sanctioned the Dongmei Zone for its role in human trafficking and cyber scams.

Thousands of individuals have been trafficked into scam compounds like Dongmei under false promises of legitimate work. Victims are forced to surrender their passports and engage in fraudulent activities under constant surveillance.

Lu Yihao, a Chinese man enslaved for seven months in Dongmei, said: “As far as I could tell, from my personal experience, Dongmei was specifically built for criminal purposes.” The United Nations estimates that over 200,000 people are trapped in such conditions across Southeast Asia.

Efforts to combat pig-butchering scams are hindered by the role of cryptocurrencies, which facilitate laundering and obfuscation of funds. Platforms like Tokenlon have been identified as tools for scam proceeds, while Binance has worked with authorities to freeze fraudulent accounts.

Jan Santiago, a consultant for Chainbrium, explained: “People in the U.S., their money is going straight to Southeast Asia, into this underground economy.”

The Covid-19 pandemic provided fertile ground for these scams, as isolation left many more susceptible to emotional manipulation. Victims have lost not only their savings but also their trust.

A recent study titled How Do Crypto Flows Finance Slavery? The Economics of Pig Butchering emphasized the global scale of these operations. Paolo Ardoino, Tether’s CEO, stated: “With Tether, every action is online, every action is traceable, every asset can be seized, and every criminal can be caught,” though critics argue that cryptocurrencies remain attractive for illicit activities.

Wan has denied any involvement in criminal operations. In a 2020 video, he claimed that his Hongmen Association “follows the law.” However, his continued appearances at Hongmen events, including the recent opening of a Macau office, raise questions. Investigators remain unable to locate him.

Pig-butchering scams have expanded significantly, exploiting the perfect storm of the pandemic and the complexities of cryptocurrency tracking. Authorities face ongoing challenges in dismantling these sprawling networks.

Emerging Wave of Digital Criminals Targets U.S. Financial Systems


A recent study by the University of Surrey, in partnership with Nigeria’s Economic and Financial Crimes Commission (EFCC), reveals that cryptocurrency fraud in Nigeria is overwhelmingly carried out by young men, with males accounting for all convicted offenders and nearly two-thirds of them under 30. Over half (55%) of these cases target victims in the United States, illustrating a troubling cross-border crime trend.

The analysis highlights a growing wave of young, tech-savvy criminals leveraging digital currencies to execute sophisticated fraud schemes, making enforcement a major challenge. 

Dr. Suleman Lazarus, co-author and cybercrime specialist at the University of Surrey, pointed out the urgent need for global collaboration to address the issue, noting, “Our findings expose a surge in cryptocurrency fraud, led by a generation of male offenders using online platforms and digital currencies to conduct high-stakes crimes with global reach.”

The study involved a comprehensive review of case files, which revealed that platforms such as Facebook (27%), Gmail (22%), and Instagram (14%) are frequently used to contact and deceive victims. Notably, Bitcoin is the cryptocurrency of choice for nearly half (46%) of these schemes, complicating efforts to trace and recover stolen funds due to its inherent anonymity.

Financial gains from these scams vary widely, from as little as $1,000 to as high as $475,000 in cash, with some fraudsters accumulating up to 1,200 Bitcoin—worth an estimated $81.96 million. Contrary to the assumption that technical sophistication requires advanced education, only about 25% of the convicted fraudsters held a degree.

Dr. Lazarus emphasizes that the popularity of digital currencies calls for heightened awareness among law enforcement, policymakers, and the public to combat this evolving financial threat.

Rilide Malware: Hackers Use Malicious Browser Extension to Bypass 2FA and Steal Crypto


Trustwave SpiderLabs security researchers have recently discovered a new malicious browser extension, named Rilide, targeting Chromium-based browsers like Google Chrome, Brave, Opera, and Microsoft Edge. 

The malicious activities include monitoring browsing history, taking screenshots and stealing cryptocurrency through scripts injected into websites. Rilide impersonated benign Google Drive extensions to remain undetected while abusing built-in Chrome features. 

The cybersecurity company also found another operation that loaded the extension using a Rust loader by leveraging Google Ads and the Aurora Stealer. 

While the origin of the malware is still unknown, Trustwave reports that it shares similarities with extensions that are sold to cybercriminals. In addition, due to a dispute between hackers over an unsolved payment, some of its code was recently disclosed on a dark web forum. 

Hijacking Chromium-based Browsers 

Rilide’s loader modifies the web browser shortcut files to automate the execution of the malicious extension that is dropped on the compromised system. When the malware is executed, a script attaches a listener to monitor when the victim switches tabs, receives web content, or finishes loading a page. It also checks whether the current site matches a list of targets retrieved from the command-and-control (C2) server.

If there is a match, the extension loads extra scripts that are injected into the webpage to steal the victim's cryptocurrency and email login information, among other details. Additionally, the extension disables the page's Content Security Policy (CSP), a security measure intended to guard against cross-site scripting (XSS) attacks, so that it can freely load external resources that the browser would otherwise restrict.

Bypassing Two-factor Authentication 

Another interesting attribute of Rilide is its 2FA-bypassing system, used in producing bogus dialogs to lure victims into entering their temporary codes. The system is triggered once the victim has submitted a request for a cryptocurrency withdrawal to one of the exchange services that Rilide targets. 

At that point the malicious script is injected in the background to process the request automatically. Once the user has entered the code in the fake dialog, Rilide uses it to complete the withdrawal to the attacker’s wallet address.

“Email confirmations are also replaced on the fly if the user enters the mailbox using the same web browser[…]The withdrawal request email is replaced with a device authorization request tricking the user into providing the authorization code,” the Trustwave report explains. 

In this way, Rilide highlights the growing threat posed by malicious browser extensions, which now include live monitoring and automated money-stealing capabilities.

How Can You Protect Yourself From Malicious Browser Extensions?

Regarding the issue, Trustwave SpiderLabs noted that Google’s enforcement of Manifest V3 may make it harder for threat actors to use malicious extensions to organize attacks. However, it would not solve the issue entirely, as “most of the functionalities leveraged by Rilide will still be available,” the researchers added.

To protect yourself, the advice is to use reputable antivirus software, which helps prevent your system from being infected and your data from being compromised. Similarly, a good identity theft protection service can help you recover a stolen identity or funds stolen by hackers.

Moreover, when installing new browser extensions, only rely on trusted sources such as the Chrome Web Store or the Microsoft Edge Add-ons store.
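As an added, defender-side example (not code from Trustwave or from the Rilide report), the following Python script audits Chromium extension manifests for the capability mix described above: tab monitoring (`tabs`), script injection into any site (broad host patterns plus content scripts or `scripting`), response-header rewriting that can strip a Content Security Policy (`webRequestBlocking`, which Manifest V3 removes), and side-loading outside a store (no store `update_url`). The permission and manifest keys are real Chromium manifest fields; the finding codes, the two sample manifests and the Google Drive name heuristic are constructed assumptions for illustration and do not reproduce Rilide's actual manifest.

```python
"""Static audit of Chromium extension manifests for the capability
combination a credential- and crypto-stealing extension needs.
Added example; not Trustwave's tooling and not Rilide's manifest."""
import json
from pathlib import Path

# Host patterns that grant access to every site (real Chromium match syntax).
BROAD_HOST_PATTERNS = ("<all_urls>", "*://*/*", "http://*/*", "https://*/*")
# update_url values used by store-distributed extensions (known values).
STORE_UPDATE_URLS = (
    "https://clients2.google.com/service/update2/crx",            # Chrome Web Store
    "https://edge.microsoft.com/extensionwebstorebase/v1/crx",    # Edge Add-ons
)


def _hosts(manifest):
    """Collect every host pattern requested: MV2 lists them in 'permissions',
    MV3 in 'host_permissions', and content scripts in 'matches'."""
    hosts = set()
    for key in ("permissions", "host_permissions", "optional_permissions"):
        for p in manifest.get(key, []):
            if isinstance(p, str) and ("://" in p or p == "<all_urls>"):
                hosts.add(p)
    for cs in manifest.get("content_scripts", []):
        hosts.update(cs.get("matches", []))
    return hosts


def audit_manifest(manifest):
    """Return a list of (code, explanation) findings for one manifest dict.
    The codes are hypothetical labels chosen for this example."""
    findings = []
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    hosts = _hosts(manifest)
    broad = any(h in BROAD_HOST_PATTERNS for h in hosts)
    from_store = manifest.get("update_url") in STORE_UPDATE_URLS

    if manifest.get("manifest_version", 0) < 3:
        findings.append(("MV2", "Manifest V2: blocking webRequest and remotely hosted code still allowed"))
    if "webRequestBlocking" in perms:
        findings.append(("HEADER_REWRITE", "webRequestBlocking can rewrite response headers, e.g. drop Content-Security-Policy"))
    if "tabs" in perms:
        findings.append(("TAB_MONITOR", "'tabs' permission exposes the URL of every tab switch and page load"))
    if broad:
        findings.append(("BROAD_HOSTS", "host access to all sites: scripts can be injected into any page"))
    if broad and ("scripting" in perms or manifest.get("content_scripts")):
        findings.append(("INJECTION", "script injection capability combined with all-site host access"))
    if not from_store:
        findings.append(("SIDELOADED", "no store update_url: extension was loaded outside Chrome Web Store / Edge Add-ons"))
    name = manifest.get("name", "")
    if "drive" in name.lower() and not from_store:
        # Heuristic only: Rilide-style lures impersonate Google Drive helpers.
        findings.append(("IMPERSONATION", f"name {name!r} suggests a Google Drive helper but is not store-distributed"))
    return findings


def scan_extensions(root):
    """Walk a browser profile's Extensions directory and audit every manifest.json.
    Returns {manifest_path: findings} for manifests with at least one finding."""
    results = {}
    for path in Path(root).rglob("manifest.json"):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue
        found = audit_manifest(manifest)
        if found:
            results[str(path)] = found
    return results


# Constructed sample mirroring the reported capability mix (not Rilide's manifest).
SUSPICIOUS_MANIFEST = {
    "manifest_version": 2,
    "name": "Google Drive Helper",
    "version": "1.0",
    "permissions": ["tabs", "webRequest", "webRequestBlocking", "storage", "<all_urls>"],
    "background": {"scripts": ["bg.js"], "persistent": True},
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
}

# Constructed benign sample: store-distributed MV3 extension with narrow host scope.
BENIGN_MANIFEST = {
    "manifest_version": 3,
    "name": "Example Notes",
    "version": "2.1",
    "update_url": "https://clients2.google.com/service/update2/crx",
    "permissions": ["storage"],
    "host_permissions": ["https://notes.example/*"],
}

if __name__ == "__main__":
    for code, why in audit_manifest(SUSPICIOUS_MANIFEST):
        print(f"[{code}] {why}")
    print("benign findings:", audit_manifest(BENIGN_MANIFEST))
```

Point `scan_extensions` at a profile's `Extensions` directory (for example `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions` on Windows) to review what is actually installed; an extension that trips `HEADER_REWRITE`, `BROAD_HOSTS` and `SIDELOADED` together deserves a manual look even when its name looks harmless, which is the combination the Manifest V3 caveat above only partly addresses.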

US Government Seizes Cryptocurrency Worth $30 Million From Lazarus Hackers

The U.S. government in collaboration with blockchain analysts and FBI agents successfully seized $30 million worth of cryptocurrency stolen by the North Korean-linked hacker group 'Lazarus' from the popular token-based 'play-to-earn' game Axie Infinity earlier in the year. 

The government reported this news during the AxieCon event today, where the officials highlighted it as a big achievement. The officials further appreciated and encouraged large-scale collaboration between multiple law enforcement authorities and private entities against growing cyber threats. 

As per the statements made by blockchain analysts on Thursday, it's a momentous event for law enforcement agencies as it is the first time when the agencies have successfully seized crypto tokens from the infamous Lazarus Group. 

“I am proud to say that the Chainalysis Crypto Incident Response team played a role in these seizures, utilizing advanced tracing techniques to follow stolen funds to cash out points and liaising with law enforcement and industry players to quickly freeze funds”, the blog reads. 

Chainalysis talked about the laundering process of the group which involves the following five stages:  

• Stolen Ether sent to intermediary wallets 
• Ether mixed in batches using Tornado Cash 
• Ether swapped for bitcoin 
• Bitcoin mixed in batches 
• Bitcoin deposited to crypto-to-fiat services for cashout

Following the incident, the US Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash for its role in laundering the stolen cryptocurrency.

The total financial damage caused by Lazarus' Axie Infinity hack is around $620 million, thus, the amount that has been recovered represents only 5% of that value and 10% of the cryptocurrency amount. 

The analysts further stated they “have proven that with the right blockchain analysis tools, world-class investigators and compliance professionals can collaborate to stop even the most sophisticated hackers and launderers. There is still work to be done, but this is a milestone in our efforts to make the cryptocurrency ecosystem safer.” 

The US government and the New York-based blockchain analysis firm are confident that they will recover more of the stolen funds in the future.

Welcome “Frappo”: Resecurity Discovered a New Phishing-as-a-Service


The Resecurity HUNTER squad discovered "Frappo," a new underground service available on the Dark Web. "Frappo" is a Phishing-as-a-Service platform that allows fraudsters to host and develop high-quality phishing websites that imitate significant online banking, e-commerce, prominent stores, and online services in order to steal client information. 

Cybercriminals created the platform to distribute professional phishing content through spam campaigns. "Frappo" is widely advertised on the Dark Web and on Telegram, where it has a group of over 1,965 members in which hackers discuss their success in targeting users of various online sites. The service first appeared on the Dark Web on March 22, 2021, and has been substantially updated since; the most recent version was registered on May 1, 2022.

"Frappo" allows attackers to operate with stolen material in an anonymous and encrypted manner. It offers anonymous billing, technical assistance, upgrades, and a dashboard for tracking acquired credentials. "Frappo" was created as an anonymous cryptocurrency wallet based on a Metamask fork. It is totally anonymous and does not require a threat actor to create an account. 

Amazon, Uber, Netflix, Bank of Montreal (BMO), Royal Bank of Canada (RBC), CIBC, TD Bank, Desjardins, Wells Fargo, Citizens, Citi, and Bank of America are among the financial institutions (FIs) and services for which the platform creates phishing pages. The authors of "Frappo" offer hackers a variety of payment options based on the length of their subscription. "Frappo" works like the SaaS platforms used by legitimate enterprises, enabling hackers to reduce the cost of developing phishing kits and to deploy them at larger scale. Notably, the phishing page deployment procedure is fully automated, since "Frappo" uses a pre-configured Docker container and a secure channel to collect compromised credentials through an API.

Once "Frappo" is properly configured, statistical data such as how many victims opened the phishing page, accessed authorisation and input credentials, uptime, and the server status will be collected and visualised. Compromised credentials will appear in the "Logs" area alongside further information about each victim, such as IP address, User-Agent, Username, Password, and so forth. The phishing pages (or "phishlets") that have been discovered are of high quality and include interactive scenarios that fool victims into providing authorization credentials. 

Threat actors have successfully leveraged services like "Frappo" for account takeover, business email compromise, and payment and identity data theft. Cybercriminals use sophisticated tools and methods to attack consumers all over the world. Digital identity protection has become one of the top objectives for online safety, and as a result a new digital battleground is emerging, with threat actors looking for stolen data.

Christian Lees, Chief Technology Officer (CTO) of Resecurity, Inc. stated, “Resecurity is committed to protecting consumers and enterprises all over the globe, and is actively involved in public-private partnerships to share actionable cyber threat intelligence (CTI) with financial institutions, technology companies and law enforcement to ultimately minimize the risk of credentials being compromised and data breaches being executed.”