Chinese-speaking criminal syndicates have spent nearly a decade industrializing romance-baiting fraud. They have built a cross-border ecosystem that sells scam operations as a service, according to cybersecurity researchers and international law enforcement. The groups have been creating scam centers in Southeast Asia since 2016, mostly inside special economic zones to protect operators from law enforcement. Pig-butchering scams use social engineering to swindle money from victims through fake relationships and fraudulent trading platforms. According to enterprise DDI service Infoblox, this commoditized industry has providers that supply everything required to launch, manage, and scale campaigns while laundering proceeds in places authorities can’t reach to freeze. “They have established sophisticated global money laundering and human trafficking networks dedicated to staffing these operations with tens of thousands of slave workers brought in from countries around the world and forced to scam from bases in Cambodia, Laos, Myanmar, the Philippines, and elsewhere,” Infoblox wrote in a report published last Thursday. Southeast Asia centers are made up of forced labor The California-based internet company found the scam economy has several compounds hosting thousands of workers, many of whom are trafficked into the facilities. Victims are lured by promises of high-paying technology or sales jobs, only to have their passports confiscated immediately after arriving in the countries. INTERPOL said these operations are human trafficking-fueled fraud conducted on an industrial scale, like the Golden Triangle Economic Zone. According to Infoblox, the GTEZ has “safe zones” where criminal syndicates operate call centers, manage servers, and coordinate financial flows using pig-butchering-as-a-service, or PBaaS, a plug-and-play business. “Large scam compounds such as the Golden Triangle Economic Zone (GTSEZ) are now using ready-made applications and templates from PBaaS providers.” Vendors here sell stolen identities, front companies, scam platforms, and mobile applications, which operators use alongside scripted narratives for social engineering, access to bank accounts, disposable devices, internet connectivity, and social media profiles. They also use phishing websites to direct victims to “investment opportunities” and systems to launder stolen funds in crypto. The researchers also shed light on pre-registered SIM cards, fake identities, stolen accounts, and smuggled satellite internet equipment. Crime service system Penguin used to attack social media accounts In its analysis on Chinese-based hacking networks, Infoblox listed a crimeware-as-a-service model codenamed Penguin. The group has advertisements for fraud kits, scam templates, and “shè gōng kù” datasets with stolen personal information from Chinese citizens. Penguin also sells account credentials from social media platforms, including X, Tinder, YouTube, Snapchat, Facebook, Instagram, Apple Music, OpenAI ChatGPT, Spotify, and Netflix, which are traded on the dark web. Prices for pre-registered social media accounts reportedly start at $0.10, increasing based on age and perceived authenticity. Fake profiles made for pig butchering. Source: Infoblox. The group has also developed a Social Customer Relationship Management platform called SCRM AI. The system enables automated engagement with victims through social media, which scam operators use to manage conversations at scale. Moreover, Penguin is encouraging its clientele to use a payment processing platform from Bochuang Guarantee named BCD Pay, an anonymous peer-to-peer solution soaked in illegal online gambling networks. A second service category is customer relationship management tools that centralize control over scam agents. Vendors such as UWORK provide content libraries and agent management systems, with templates for creating fraudulent investment websites. Many of these sites say they work with real trading platforms like MetaTrader. The interfaces provide real-time financial data to make it look like they are trustworthy, but the scammers send transactions to accounts they control. “The admin panel offers everything needed to run a pig butchering operation. Multiple email templates, user management, agent management, profitability metrics, and chat and email records,” Infoblox’s report outlined. Advanced phishing PBaaS suppliers on smartphones Phishing scammers have expanded their reach into mobile distribution, developing Android and iOS APK files or using limited Apple testing programs to bypass app store controls. Some operators are also purportedly publishing apps directly on marketplaces while disguising them as news or utility tools. Basic website templates with hosting can cost around $50. Complete packages, including administrative access , virtual servers, mobile apps, trading platform integration, front company incorporation, and regulatory registration, can start at $2,500. “Sophisticated Asian crime syndicates have created a global shadow economy from their safe havens in Southeast Asia,” security investigators Maël Le Touz and John Wòjcik said. The smartest crypto minds already read our newsletter. Want in? Join them .
