Cybersecurity researchers have exposed service providers enabling industrial-scale pig butchering scams through turnkey fraud platforms. These PBaaS (Pig Butchering-as-a-Service) providers supply criminal networks with complete packages including stolen credentials, social media accounts, CRM platforms, mobile apps, and payment processing systems for as little as $50-$2,500. The report details operations like Penguin Account Store and UWORK that provide fraud kits, stolen identity datasets, and automated victim engagement tools. Researchers also uncovered related threats including parked domains redirecting to scams (90% of cases), Evilginx AitM phishing campaigns targeting US universities, and a 14-year-old Indonesian gambling network spanning 328,000 domains with potential nation-state ties.
Table of contents
Parked Domains as a Conduit for Scams and Malware #Malicious Evilginx AitM Infrastructure Drives Credential Harvesting #Fraudulent Gambling Network Shows Signs of APT Operation #Sort: