Cybersecurity researchers have identified two service providers that give online criminal networks the infrastructure and tools they need to support the pig butchering-as-a-service (PBaaS) economy. Chinese-speaking criminal organizations have established industrial-scale scam centers throughout Southeast Asia since at least 2016, setting up special economic zones dedicated to fraudulent investment and impersonation operations.
Thousands of people live in these compounds after being enticed with the prospect of well-paying jobs, only to have their passports revoked and to be coerced into committing fraud under threat of violence. INTERPOL has described these networks as large-scale fraud driven by human trafficking.
Among the main forces behind pig butchering (also known as romance baiting) scams are service providers who give the networks all the resources they need to manage social engineering operations, quickly launder stolen money and cryptocurrency, and transfer illicit proceeds to accounts that are inaccessible to law enforcement. An administrator can create profiles for agents, who are likely to interact with the victims, and configure the websites' settings through a special panel that gives them a high-level view of the entire operation. "Everything required to operate a pig butchering business is available in the admin panel. Multiple email templates, chat and email records, profitability metrics, user and agent management, and more," according to Infoblox.
"Agents can even be affiliates of one another, and the management of agents is very complex." In order to get around app store restrictions, PBaaS providers have also been discovered to offer mobile applications for iOS and Android by distributing them as APK files and enrolling a small number of Apple devices in a testing program. Some threat actors have gone one step further, releasing these apps directly on app marketplaces while disguising their functionality as innocuous news apps.
Finding Evilginx's phishing URLs will only get harder as it develops.

### Evidence of APT Operation in a Fraudulent Gambling Network

A vast network of more than 328,000 domains and subdomains, including more than 236,000 gambling-related domains, was revealed last month by researchers from the security firm Malanta. This network has been active since at least 2011 and is probably a dual operation run by a nation-state-sponsored group that targets victims in the United States, Europe, and Southeast Asia.
According to researchers Yinon Azar, Noam Yitzhack, Tzur Leibovitz, and Assaf Morag, the network, which is mainly used to target Indonesian-speaking visitors, is thought to be a part of a larger operation that includes thousands of gambling domains, malicious Android applications, domain and subdomain hijacking hosted on cloud services, and stealth infrastructure embedded inside business and government websites worldwide. "This campaign represents one of the largest and most complex Indonesian-speaking, well-funded, state-sponsored-level ecosystems observed to date," Malanta said, combining illicit gambling, SEO manipulation, malware distribution, and extremely persistent takeover techniques. In order to take over and weaponize trusted domains, the activity entails the methodical exploitation of WordPress, PHP components, dangling DNS, and expired cloud assets.
Additionally, it has been discovered that the infrastructure powers a sizable Android malware ecosystem that distributes APK droppers with command-and-control (C2) and data-theft capabilities and is housed on Amazon Web Services (AWS) S3 buckets.
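
A defender-side check for the dangling DNS and expired cloud assets mentioned above, as an added example that is not taken from Malanta's report: it compares the CNAME records in a zone export with the cloud resources the organization still controls and flags records that point at provider hostnames nobody holds. The zone data, the inventory and the suffix list are constructed for illustration.

```python
# Added example: audit a DNS zone export for dangling cloud CNAMEs.
# Hostnames, records, inventory and the suffix list are constructed.

# Provider-assigned hostname suffixes (assumption: a short sample, not a full list).
CLOUD_SUFFIXES = (".s3.amazonaws.com", ".azurewebsites.net", ".cloudfront.net")

SAMPLE_ZONE = """\
www.example.com.    300 IN A     192.0.2.10
assets.example.com. 300 IN CNAME example-assets.s3.amazonaws.com.
promo.example.com.  300 IN CNAME example-promo-2019.s3.amazonaws.com. ; campaign ended
shop.example.com.   300 IN CNAME Example-Shop.azurewebsites.net.
docs.example.com.   300 IN CNAME docs.example.net.
"""

# Cloud resources the organization still controls (constructed inventory).
OWNED = {"example-assets.s3.amazonaws.com", "example-shop.azurewebsites.net"}

def normalize(name):
    """DNS names compare case-insensitively and without the trailing dot."""
    return name.strip().rstrip(".").lower()

def parse_zone(text):
    """Yield (name, type, target) from 'name TTL IN TYPE target' lines."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) >= 5 and fields[2].upper() == "IN":
            yield normalize(fields[0]), fields[3].upper(), normalize(fields[4])

def find_dangling(zone_text, owned_targets):
    """Return CNAMEs that point at a cloud hostname missing from the inventory."""
    owned = {normalize(t) for t in owned_targets}
    return [
        (name, target)
        for name, rtype, target in parse_zone(zone_text)
        if rtype == "CNAME" and target.endswith(CLOUD_SUFFIXES) and target not in owned
    ]

if __name__ == "__main__":
    for name, target in find_dangling(SAMPLE_ZONE, OWNED):
        print(f"review or delete: {name} -> {target}")
```

A record flagged here should be deleted or repointed, since the cloud name it references is no longer held by the organization.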











