What happened
A sophisticated cryptocurrency scam operation is actively targeting users across Asia, especially in Japan. It combines malvertising on social media with long-term “pig butchering” social engineering to defraud victims of significant sums, with reported individual losses of up to ¥10 million.
Who is affected
Individual investors and users of social platforms like Facebook and Instagram in Japan and the wider Asian region are being lured into fraudulent investment schemes; those drawn into messaging app groups are particularly at risk.
Why CISOs should care
This campaign illustrates evolving cybercriminal tactics that blend technical infrastructure abuse (malvertising, automated domain generation) with social engineering, increasing the risk surface for financial loss and reputational damage. The use of AI‑driven bots and rapid domain rotation complicates detection and response, highlighting vulnerabilities in employee and customer digital behavior that CISOs must address proactively.
3 practical actions
- Enhance phishing and malvertising defenses by configuring advanced web, email, and ad‑security controls to detect and block suspicious domains and malicious ad content early.
- Train users on scam indicators, including the risks of engaging with unverified social ads, joining messaging groups via QR codes, and promises of guaranteed crypto returns.
- Monitor and respond to domain and bot activity using threat intelligence feeds and automated detection tools to identify domains produced by registered domain generation algorithms (RDGAs) and unusual bot-like interactions.
