Infoblox Exposes Hybrid Malvertising & “Pig Butchering” Scam

Cybercriminals are continuously evolving their tactics to maximize profits, and a new hybrid scam has emerged on the global stage. According to a recent report by Infoblox Threat Intel, threat actors are now merging two previously distinct forms of fraud—malvertising and “pig butchering”—to create a highly scalable and devastatingly effective financial scam.

The campaign, which initially targeted users in Asia, is rapidly expanding its geographic footprint, posing a severe threat to consumers worldwide who are looking to invest in cryptocurrency.

Traditionally, malvertising relies on malicious ads to direct victims to fake platforms, while “pig butchering” involves labor-intensive social engineering, where scammers build a relationship with the victim over time before financially draining them.

Infoblox researchers discovered a sophisticated fusion of the two while investigating suspicious domains generated using registered domain generation algorithms (RDGAs).

“While we expected to uncover a classic investment scam, we discovered something quite different: a hybrid scam model that combines malvertising-driven victim acquisition with messaging app-centric pig butchering,” the report explains.

The attack lifecycle is carefully engineered to build false trust and maximize financial extraction:

• Victims are first lured by clicking on an investment ad on social media.
• The malicious website prompts the victim to engage with a so-called financial “expert” via popular messaging apps.
• Victims are added to multiple chat groups where scammers use social engineering tactics to encourage repeated deposits under the guise of earning extra profits. The platform displays “fabricated and exaggerated returns to give the illusion of success”.
• When the scammers are ready to pull the plug, they execute one final extortion. They “inform victims that the service is shutting down and instruct them to pay a final fee to ‘release’ their profits-the coup de grâce”. Once the fee is paid, the scammers vanish.

The financial devastation is severe. In Japan, which was heavily targeted initially, individual victim losses tied to this campaign reached up to ¥10 million (approximately $63,000 USD).

What makes this hybrid model particularly dangerous is its scalability.

While the operation was initially a regional threat heavily impacting Japan and South Korea, Infoblox warns that the ecosystem is pivoting. “Campaigns associated with this ecosystem are increasingly targeting English-, German-, and Spanish-speaking audiences,” the report states.

By relying on automated malvertising for the initial hook, cybercriminals have eliminated the need for the time-consuming, one-on-one grooming phase traditionally associated with pig butchering. As the report ominously concludes, these actors “can now deploy scalable, automated business models that merge two previously distinct scam methods into a single operational workflow,” marking a profound and dangerous shift in the landscape of investment fraud.

Related Posts:

• 300,000 Forced to Scam: Meta’s Report Reveals Staggering Scale of “Pig Butchering”
• “Pig Butchering” Scam: Cybercriminals Prey on Mobile Trading Enthusiasts
• Infoblox Uncovers Malicious Wave in .US Domain Registrations