Cybersecurity researchers have highlighted the role of service providers that supply online criminal networks with the infrastructure and tools needed to operate pig butchering-as-a-service, or PBaaS, schemes. Since at least 2016, Chinese-speaking criminal groups have established large-scale scam centers across Southeast Asia, creating compounds that function as dedicated hubs for fraudulent investment and impersonation operations. Thousands of individuals are lured into these operations with promises of high-paying jobs but are then forced to participate in scams under threat of violence, an activity INTERPOL classifies as human trafficking-fueled fraud on an industrial scale.
A critical driver behind these operations is the emergence of PBaaS providers, which supply ready-made applications, templates, and full-service kits for launching and managing social engineering scams. According to Infoblox, large compounds such as the Golden Triangle Economic Zone utilize off-the-shelf tools that include stolen identities, front companies, mobile applications, and account management platforms, reducing the technical expertise and investment previously required. Threat actors such as Penguin Account Store, also known as Heavenly Alliance or Overseas Alliance, operate under a crimeware-as-a-service model, offering stolen personal information, pre-registered social media accounts, bulk SIM cards, and even specialized Social Customer Relationship Management software to automate engagement with victims. Payment solutions like BCD Pay provide anonymous peer-to-peer processing, further enabling the laundering of illicit proceeds.
Customer relationship management platforms also play a central role in scaling PBaaS operations. UWORK, for instance, provides templates for investment scam websites, some integrated with legitimate trading platforms such as MetaTrader to appear credible. These sites often include Know Your Customer panels that capture personal information from victims. Admin panels allow operators to manage agents, track profitability, and control communications, effectively providing a centralized system for orchestrating large-scale scams. Mobile apps for Android and iOS are distributed through APK files or limited testing programs to bypass store controls, with some even released publicly under the guise of harmless applications while concealing scam functionality behind passwords. Full scam packages, including websites, hosting, mobile apps, trading platforms, and front companies, can cost as little as $2,500, providing sophisticated capabilities at relatively low cost.
Researchers also highlighted ancillary threats that facilitate these operations, such as parked domains used for malware and scam redirection, and phishing toolkits like Evilginx, which have been used to target at least 18 U.S. universities to harvest credentials. Additionally, a sprawling fraudulent gambling network spanning over 328,000 domains has been linked to a likely state-sponsored operation targeting Southeast Asia, Europe, and the U.S. This infrastructure leverages cloud services, malware-laden Android applications, hijacked domains, and social media promotion to direct victims to gambling platforms while evading detection. The longevity, scale, and sophistication of these networks underscore the industrial-level organization of online fraud, illustrating how modern cybercrime ecosystems have become deeply embedded and globally coordinated.