Cryptocurrency Scams Target Asia, Combining Malvertising and Pig Butchering with Losses Up to ¥10 Million

A sophisticated cryptocurrency scam campaign is currently targeting users across Asia, with a heavy and specific focus on Japan.

This operation uniquely combines two distinct fraud models into a single, highly effective attack vector: malvertising and “pig butchering.”

By blending the broad reach of malicious advertising with the psychological manipulation of long-term social engineering, cybercriminals are successfully stealing massive sums from unsuspecting investors.

Recent reports indicate that individual victims have suffered financial losses as high as ¥10 million after falling for these elaborate schemes.

The attack sequence begins with malvertising, where threat actors place convincing fake advertisements on social media platforms like Facebook and Instagram.

These ads frequently impersonate prominent financial experts or promote exclusive “AI-driven” investment algorithms to lure victims.

When users click these ads, they are redirected to fraudulent “lure” websites designed to mimic legitimate investment portals.

These sites ultimately prompt the victim to join a chat group on messaging apps such as LINE, WhatsApp, or KakaoTalk by scanning a QR code to receive “special” guidance.

Infoblox analysts identified the malware ecosystem after observing a massive cluster of suspicious domains disproportionately queried by users in Japan.

Once victims join the messaging apps, they are engaged not by human operators, but likely by advanced AI-driven bots.

These automated agents act as assistants, engaging victims in continuous conversations to build trust.

They share fabricated success stories and encourage small initial investments that appear to yield high returns. Eventually, victims are persuaded to transfer larger sums.

When they attempt to withdraw funds, the scammers demand a “release fee,” causing further financial damage before the criminals vanish.

Automated Engagement and Infrastructure

A critical aspect of this campaign is its reliance on automation to scale operations globally. The attackers employ Registered Domain Generation Algorithms (RDGAs) to generate thousands of new domains rapidly.

This technique allows them to rotate infrastructure quickly, making it difficult for security teams to block the scam effectively. Over 23,000 domains have been linked to this ecosystem, often using lookalike names to appear legitimate.

Furthermore, the chat interactions exhibit clear signs of AI assistance, such as instant responses 24/7 and seamless language switching.

This automation allows the scammers to maintain high-quality social engineering attacks without the labor constraints of traditional fraud models.

The infrastructure suggests a “service” model that enables multiple actors to launch attacks simultaneously using the same tools.

Recommendations

• Always verify the official accounts of financial experts before trusting social media ads.
• Be extremely skeptical of any investment opportunity that promises guaranteed or unrealistic returns.
• Avoid clicking on links or scanning QR codes from unverified sources.
• Do not transfer cryptocurrency to individuals met solely through online chat groups.

Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.

The post Cryptocurrency Scams Target Asia, Combining Malvertising and Pig Butchering with Losses Up to ¥10 Million appeared first on Cyber Security News.