Undercover in a pig-butchering shop.
N2K logoFeb 13, 2023

Sophos this morning detailed a Hong Kong-based pig butchering scam leveraging the MetaTrader 4 application to extort money.

Undercover in a pig-butchering shop.

Sophos researchers today released a report detailing a scheme they’ve dubbed “Fool’s Gold,” one of many pig-butchering schemes they’ve tracked earlier as “CryptoRom.” Pig butchering uses emotional appeals, usually conducted with an extensive preparatory phase, to lure victims into investing in fraudulent schemes.

Victims mine for gold, attackers use pig butchering tactics.

Researchers report that the scam began with a direct message on Twitter feigning the identity of a Hong Kong-based woman. The “woman” moves the conversation from Twitter and onto Telegram, and eventually brings up a gold trading marketplace that “her uncle” taught her to use. MetaTrader 4, a legitimate trading application created by a Russian company observed to be previously abused, is the app eventually provided to the researcher, though not via the legitimate App Store, but rather in the form of a link to a fake website.

The pirated MetaTrader 4 application, with alarming requirements.

The iOS download of the app alarmingly “required accepting an enterprise mobile management profile connecting my (test) phone to a server in China,” the researcher reports, saying that the scammer claimed that the app had to be installed in this manner due to “US sanctions.” Due to the actual MetaTrader 4 app’s development by a Russian company, the app is not accessible in the US store. Sophos reports that the illegitimate application is only slightly modified, with one server tracing back to the Hong Kong-based scammer.

Like niece, like uncle: that knowledgeable Uncle Martin is a catfish.

The scammer then redirected the researcher to that “uncle” she said was a gold trading expert. The uncle, given the name “Martin Richard,” feigned legitimacy, claiming to be a former Goldman Sachs analyst. He provides a link to the “Mebuki” financial site and guides the researcher through registration, with “Martin” eventually saying that the “real” account’s setup would enable deposits and trades that could be executed under his instruction. "Martin" and his "niece," not to mix metaphors, are of course catphish, fictitious personae.

Added February 14, 2023 at 10AM ET.

Expert commentary on romance scams.

Antoine Vastel, PhD, Head of Research at DataDome, notes the dangers of unprotected sensitive dating app data:

"Large websites, such as popular dating app sites, own vast amounts of sensitive user data, and protecting this data -- without impacting the user experience -- is a huge challenge. But the cost of not rising to the challenge is too steep. Today, it's mission critical to implement dedicated bot protection along each and every step of a website/app user's journey. Otherwise, you risk data breaches, reputational damage, fines and more. Furthermore, data-scraping isn't going anywhere. In fact, we expect that next year, it will increase by at least 25%. We see more and more tools that make it really easy to make advanced bots. Whether it is open source libraries that enable attackers to forge their fingerprints, or bots as a service that make the creation of advanced bots as easy as making an API request, this favors the creation of scraper bots. So as the popularity of dating apps continues to rise, we must be on the lookout for malicious bots looking to steal data and more."