Andrew Tate’s “The Real World” platform has been breached, again, leaking user data including emails and private chat…

Andrew Tate’s “The Real World” platform has been breached, again, leaking user data including emails and private chat logs. Explore the details of the hack and leaked data.

Andrew Tate, the controversial social media influencer currently under house arrest, is the newest victim of hacktivism. According to reports, unidentified hackers have successfully breached his online self-help platform, _The Real World_, formerly known as Hustler’s University.

Screenshot from the leaked data (Credit: Hackread.com)

The incident occurred when Tate was busy streaming the latest episode of his _show Emergency Meeting_, which airs on Rumble. This attack has resulted in the exposure of sensitive user data, including usernames, email addresses, and private chat messages. 

For your information, The Real World is an online university that focuses on health, fitness, financial investment, and e-commerce businesses with over 113,000 active users. It provides advanced training and mentoring at $50 per month and also teaches users how to master money making skills. 

The hackers, as per DailyDot, exploited a critical security vulnerability in the platform. After the successful attack, they flooded the primary chatroom with pro-feminist and LGBTQ+ emojis, temporarily banning users, and deleting attachments.

Their posted emojis included transgender flags, feminist fist, Tate’s AI-generated image draped in rainbow flags, another one with his buttocks enlarged, and cat characters used in his “boykisser” meme. 

Screenshot shows emojis spammed by the hackers

What is more concerning is that according to DDoSecrets, the hackers also managed to access a vast amount of user data, including over 794,000 usernames comprising current and former members, the content of The Real World’s 221 public and 395 private chat servers covering around a dozen campuses, and nearly 325,000 email addresses of users removed from the platform.

Tate is a controversial figure known for his toxic masculinity. The leaked data, now publicly available, offers a glimpse into the community that has formed around Tate with users expressing concerns about the _LGBTQ agenda_, the _matrix_, and recurrent shooting incidents. The hackers claimed their motive was hacktivism and Tate’s site being ‘hilariously insecure.’

It’s worth noting that this isn’t the first time Tate’s online platform has been compromised. Earlier this year, a data breach exposed millions of user messages and personal information due to a MongoDB database containing 88 gigabytes of data belonging to 968,447 user accounts being exposed since April 8, 2024. These repeated security failures raise serious questions about the platform’s commitment to protecting user data and maintaining a secure online environment.

1.  SiegedSec Hacktivist Strike NATO and Leak Sensitive Docs
2.  DDoS Attacks Hit France Over Telegram’s Pavel Durov Arrest
3.  Muslim Hacktivists Hack ISIS website; expose subscribers list
4.  Hacktivists Shut Down Donald Trump Hotel Collections Website
5.  RansomHub Hits Planned Parenthood Hack, Steals 93GB of Data
6.  SiegedSec Hits Heritage Foundation; Leaks Data Over “Project 2025”

Andrew Tate’s University Breach: 1 Million User Records and Chats Leaked

New York, the city that never sleeps, is renowned as a global epicentre for innovation, creativity, and business…

New York, the city that never sleeps, is renowned as a global epicentre for innovation, creativity, and business excellence. While it’s best known for its financial district, cultural landmarks, and media industry, New York has also emerged as a thriving cybersecurity, technology and app development hub.

Mobile app development companies in New York are at the forefront of delivering innovative solutions, driven by the city’s unique combination of resources, talent, and opportunity. Here’s why New York is a prime location for leading mobile development agencies.

****1\. Access to a Diverse Talent Pool****

New York is home to some of the world’s most prestigious universities and tech programs, including Columbia University, NYU, and Cornell Tech. These institutions produce highly skilled graduates in technology, design, and software engineering.

**Why It Matters:** Mobile app development companies in New York benefit from access to top-tier talent across various disciplines, ensuring they can assemble teams with diverse expertise. This diversity fosters creativity and innovation, critical for building cutting-edge mobile applications.

****2\. Thriving Tech Ecosystem****

New York’s Silicon Alley has grown into a vibrant tech ecosystem, attracting startups, established tech companies, and venture capitalists. This environment creates opportunities for collaboration, knowledge sharing, and investment in new ideas.

**Why It Matters:** Mobile development agencies in the city are well-connected to this tech network, allowing them to leverage the latest tools and technologies. This ecosystem also provides opportunities to partner with other innovative businesses, further enhancing their service offerings.

****3\. Exposure to Multiple Industries****

New York is a global leader in industries such as finance, healthcare, fashion, real estate, and media. Each sector has specific needs for mobile applications, from e-commerce platforms to health monitoring tools.

**Why It Matters:** The wide range of industries in New York challenges mobile app development companies to adapt and innovate constantly. By working with clients across diverse sectors, these agencies gain valuable experience and insights that make their solutions more versatile and effective.

****4\. Strong Focus on Innovation and Creativity****

As a cultural melting pot, New York is known for its dynamic and creative energy. This culture of innovation extends to the tech industry, where agencies are encouraged to think outside the box and develop groundbreaking mobile solutions.

**Why It Matters:** Mobile app development companies in New York are uniquely positioned to combine technical expertise with creative problem-solving. This results in apps that are not only functional but also visually appealing and user-friendly.

****5\. Access to a Global Market****

New York’s status as an international hub makes it a gateway to global markets. Companies based in the city have the advantage of working with clients from around the world, giving them a broader perspective on user needs and preferences.

**Why It Matters:** Mobile app development companies in New York design solutions that cater to diverse audiences. Their global outlook allows them to incorporate features that appeal to users across different cultures and regions, making their apps more competitive on a worldwide scale.

****6\. Cutting-Edge Use of Emerging Technologies****

The city’s tech agencies are at the forefront of integrating emerging technologies such as artificial intelligence, augmented reality, blockchain, and IoT into mobile applications.

**Why It Matters:** By embracing these innovations, New York-based companies deliver apps that are future-proof and highly functional. This proactive approach ensures that their clients stay ahead of the competition and meet evolving market demands.

****7\. Networking Opportunities and Events****

New York hosts numerous tech conferences, meetups, and hackathons, providing opportunities for professionals to connect, learn, and share ideas. Events like TechDay NYC and the NY Tech Meetup attract thought leaders and innovators from across the globe.

**Why It Matters:** These events help mobile app development companies stay updated on industry trends and best practices. Networking opportunities also enable them to forge partnerships that enhance their capabilities and broaden their client base.

****8\. Strong Support for Startups and Enterprises****

New York’s robust economy supports both startups and established enterprises, creating a thriving market for mobile app development. The city offers resources like incubators, accelerators, and funding opportunities to help businesses grow.

**Why It Matters:** Mobile development agencies in New York can cater to a wide range of clients, from ambitious startups looking to make their mark to large corporations aiming to enhance their digital presence. This versatility strengthens their expertise and reputation.

****Conclusion****

New York’s combination of talent, industry diversity, and technological innovation makes it a prime location for leading mobile development agencies. Mobile app development companies in New York thrive in an environment that encourages creativity, collaboration, and excellence, enabling them to deliver world-class solutions.

For businesses seeking to create impactful mobile apps, partnering with a New York-based agency ensures access to top-tier expertise and innovative technologies. As the city continues to drive advancements in the digital space, it remains a global leader in mobile app development.

1.  21 Best Amazon PPC Management Agencies
2.  Top SEO Agencies in the UK: Expert Insights
3.  The Idea of Web3 and 7 Global Web3 Agencies
4.  Kotlin app development company – How to choose
5.  Benefits of hiring a Java web appl development company
6.  5 Best Crypto Marketing Agencies for Web3 Security Brands

Why New York is a Prime Location for Leading Mobile Development Agencies

Plus: The worst telecom hack in US history rolls on, iPhones are harder to break into, and more of the week’s top security news.

A joint investigation by WIRED, Bayerischer Rundfunk (BR), and Netzpolitik.org uncovered that US companies legally collecting digital ad data are enabling adversaries to cheaply track American military and intelligence personnel. A collaborative analysis of billions of location coordinates from a US-based data broker revealed detailed tracking of thousands of devices from sensitive US sites in Germany, including NSA facilities and bases reportedly housing US nuclear weapons.

Elsewhere, social media giant Meta has disclosed for the first time its efforts to combat the forced-labor compounds driving the surge in pig butchering scams on its platforms. The company revealed that it has been quietly collaborating with global law enforcement, tech industry partners, and external experts for over two years to dismantle the crime syndicates behind these operations in Southeast Asia and the UAE. This year alone, Meta reports it has taken down more than 2 million accounts linked to scam compounds in Myanmar, Laos, Cambodia, the Philippines, and the UAE.

At the Cyberwarcon security conference on Friday, the cybersecurity firm SpyCloud shared findings about publicly accessible black market services offering low-cost access to sensitive information on Chinese citizens, including phone numbers, banking details, hotel and flight records, and even real-time location data. According to the firm’s researchers, these services seem to obtain their data through insiders within Chinese surveillance agencies and government contractors, who sell their access. Also at the conference, cybersecurity firm Volexity uncovered that a Russian hacking group has reportedly developed a novel Wi-Fi-hacking technique that involves taking control of a nearby laptop and using it as a bridge to infiltrate a targeted Wi-Fi network. Dubbed a “nearest neighbor attack,” the method was uncovered during a 2022 investigation by the firm into a network breach of an unnamed Washington, DC. client. And finally, researchers explored how the US is calling out foreign influence campaigns faster than they ever have—but there’s plenty of room for improvement.

That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

**“King of Toxic Masculinity” Gets Hacked**

Hacktivists have breached an online “educational platform” founded by the misogynistic right-wing influencer Andrew Tate reportedly revealing the email addresses of hundreds of thousands of users as well as the contents of the platforms’ private chat servers. Data from the hack, first reported by the Daily Dot, has now been published by the transparency nonprofit Distributed Denial of Secrets.

Andrew Tate, the so-called “king of toxic masculinity,” is currently under house arrest in Romania and faces two separate criminal charges, including allegations of forming an organized criminal group and trafficking women across Romania, the UK, and the US.

The compromised platform, a subscription-based service known as The Real World (formerly called Hustler's University), describes itself as a “global community” focused on “personal growth.” According to its website, members receive expert training, mentorship, and access to a wide range of educational courses for around $50 per month.

According to the Daily Dot, hacktivists announced their breach of the platform on Thursday by disrupting the course's main chatroom with a barrage of uploaded emojis while Tate was livestreaming an episode of his show _Emergency Meeting_ on Rumble. The emojis included a transgender pride flag, a feminist fist, an AI-generated image of Tate wrapped in a rainbow flag.

Data from the breach, verified by WIRED, includes more than 700,000 usernames and reportedly includes messages from 221 public and 395 private chat servers. An analysis by the Daily Dot reveals a mix of content within the chat logs, ranging from motivational quotes and personal progress updates to grievances about the “LGBTQ agenda.” WIRED is continuing to analyze the leaked material.

**The “Worst Telecom Hack in US History” Is Still Ongoing**

Chinese government hackers have infiltrated over a dozen US telecommunications companies in what a senior senator is calling the worst telecom breach in American history—and they’re still inside the networks. The hacking group, Salt Typhoon, has been able to eavesdrop on audio calls in real time and obtain millions of records of call and text metadata from targeted individuals, according to a Washington Post interview with Senator Mark Warner of Virginia, chairman of the Senate Intelligence Committee.

Fewer than 150 victims have been identified and notified by the FBI so far—most of them in the DC region—including president-elect Donald Trump, his vice president-elect, JD Vance, as well as people working for Vice President Kamala Harris and state department officials.

Warner said, however, that the effort was not directly election-related, as the hackers got into some telecom systems more than a year ago.

**Leaked Documents Show GrayKey Struggles to Access Modern iPhones**

Leaked documents obtained by 404 Media reveal that GrayKey, a phone-hacking tool used by law enforcement to extract data from devices in their possession, can at the moment only partially access information from modern iPhones running iOS 18.0 and 18.0.1.

While the precise details of exactly how Graykey operates are unknown, the tool reportedly brute-forces iPhone or Android passcodes to unlock them—essentially hacking the phone—allowing law enforcement to then access and extract encrypted device data. While the specific types of data accessible during a “partial” extraction are unclear, it likely includes unencrypted files and metadata, such as file sizes and folder structures.

The document provides context to an ongoing cat-and-mouse dynamic between forensic technology companies and mobile device manufacturers. With each new software update, tools like GrayKey are temporarily thwarted, prompting developers to quickly adapt their technology to catch up. At the moment it appears that they have not. This leak follows another report from 404 Media about a feature in iOS 18 called “inactivity reboot,” which forces devices to restart after four days of inactivity, adding another layer of difficulty for law enforcement attempting to access data on seized devices.

**Europe Probes Undersea Cable Sabotage**

European authorities are investigating suspected sabotage to two undersea fiber-optic cables: one linking Finland and Germany, and the other connecting Sweden and Lithuania. Russia—widely suspected as the likely perpetrator—denies involvement, dismissing the allegations as “ridiculous.”

The incident began on Sunday when two telecommunications companies detected traffic disruptions likely caused by physical damage to undersea cables. One of the affected cables, known as C-Lion—a vital 730-mile link between Finland and Central Europe—runs alongside other critical infrastructure, including gas pipelines and power lines.

By Wednesday, the Danish navy had reportedly intercepted a Chinese cargo ship in connection with the disruptions. The vessel, which had most recently docked in Russia before the incident, was near the damaged area at the time. It is now under investigation, with its crew being questioned about their possible involvement.

Andrew Tate’s ‘Educational Platform’ Was Hacked

Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be more inclined to download an open source Python code package for free access, without vetting it or thinking twice.

Source: Adrian Vidal via Alamy Stock Photo

Two Python packages claiming to integrate with popular chatbots actually transmit an infostealer to potentially thousands of victims.

Publishing open source packages with malware hidden inside is a popular way to infect application developers, and the organizations they work for or serve as customers. In this latest case, the targets were engineers eager to make the most out of OpenAI's ChatGPT and Anthrophic's Claude generative artificial intelligence (GenAI) platforms. The packages, claiming to offer application programming interface (API) access to the chatbot functionality, actually deliver an infostealer called "JarkaStealer."

"AI is very hot, but also, many of these services require you to pay," notes George Apostopoulos, founding engineer at Endor Labs. As a result, in malicious circles, there's an effort to attract people to free access, "and people that don't know better will fall for this."

**Two Malicious "GenAI" Python Packages**

About this time last year, someone created a profile with the username "Xeroline" on the Python Package Index (PyPI), the official third-party repository for open source Python packages. Three days later, the person published two custom packages to the site. The first, "gptplus," claimed to enable API access to OpenAI's GPT-4 Turbo language learning model (LLM). The second, "claudeai-eng," offered the same for ChatGPT's popular competitor, Claude.

Neither package does what it says it does, but each provide users with a half-baked substitute — a mechanism for interacting with the free demo version of ChatGPT. As Apostopoulos says, "At first sight, this attack is not unusual, but what makes it interesting is if you download it and you try to use it, it will kind of look like it works. They committed the extra effort to make it look legitimate."

Under the hood, meanwhile, the programs would drop a Java archive (JAR) file containing JarkaStealer.

JarkaStealer is a newly documented infostealer sold in the Russian language Dark Web for just $20 — with various modifications available for $3 to $10 apiece — though its source code is also freely available on GitHub. It's capable of all the basic stealer tasks one might expect: stealing data from the targeted system and browsers running on it, taking screenshots, and grabbing session tokens from various popular apps like Telegram, Discord, and Steam. Its efficacy at these tasks is debatable.

**Gptplus & claudeai-eng's Year in the Sun**

The two packages managed to survive on PyPI for a year, until researchers from Kaspersky recently spotted and reported them to the platform's moderators. They've since been taken offline but, in the interim, they were each downloaded more than 1,700 times, across Windows and Linux systems, in more than 30 countries, most often the United States.

Those download statistics may be slightly misleading, though, as data from the PyPI analytics site "ClickPy" shows that both — particularly gptplus — experienced a huge drop in downloads after their first day, hinting that Xeroline may have artificially inflated their popularity (claudeai-eng, to its credit, did experience steady growth during February and March).

"One of the things that \[security professionals\] recommend is that before you download it, you should see if the package is popular — if other people are using it. So it makes sense for the attackers to try to pump this number up with some tricks, to make it look like it's legit," Apostopoulos says.

He adds, "Of course, most average people won't even bother with this. They will just go for it, and install it."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Faux ChatGPT, Claude API Packages Deliver JarkaStealer

The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests.

See also CVE-2024-7592 for a similar vulnerability in cpython.

Skip to content

**Navigation Menu**

*   *   GitHub Copilot
        
        Write better code with AI
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Actions
        
        Automate any workflow
        
    *   Codespaces
        
        Instant dev environments
        
    *   Issues
        
        Plan and track work
        
    *   Code Review
        
        Manage code changes
        
    *   Discussions
        
        Collaborate outside of code
        
    *   Code Search
        
        Find more, search less
        
    

*   Explore
    
    *   Learning Pathways
    *   White papers, Ebooks, Webinars
    *   Customer Stories
    *   Partners
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   *   Enterprise platform
        
        AI-powered developer platform
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-52804

**Tornado has an HTTP cookie parsing DoS vulnerability**

High severity GitHub Reviewed Published Nov 22, 2024 in tornadoweb/tornado

**Package**

pip tornado (pip)

**Affected versions**

<= 6.4.1

**Description**

The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests.

See also CVE-2024-7592 for a similar vulnerability in cpython.

**References**

*   GHSA-8w49-h785-mj3c

Published to the GitHub Advisory Database

Nov 22, 2024

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

A local government resource for helping Japanese citizens cut ties with organized crime was successfully phished in a tech support scam, and could have dangerous consequences.

Source: Robert Gilhooly via Alamy Stock Photo

Japan's web of ruthless Yakuza organized crime syndicates continues to operate, threatening the country's citizens with everything from extortion to gangland murders. Local agencies within communities are set up to help those who get involved with gangsters — but unfortunately, one of them has been hacked, potentially leading to physical safety consequences for the victims.

The Kumamoto Prefecture Violence Prevention Movement Promotion Center said that 2,500 people who have used its counseling services (which aid with everything from evading extortion to disentangling romantically from Yakuza members) have been impacted by a data breach following a successful phishing effort.

"On November 15th, a center staff member was directed to a support fraud website while working and was illegally accessed," according to an "apology" notice on the agency's website (via Google Translate). "When the staff member noticed something was wrong, he immediately cut off the power and network connection of the computer terminal, but we cannot deny the possibility that data including personal information used in work may have been leaked."

That information could include addresses, phone numbers, and names: “If you receive a phone call or mail using the name or staff of the 'Violence Prevention Movement Promotion Center' at your address or workplace, please immediately report it … without responding to the request of the other party or opening the mail.”

Beyond follow-on phishing or fraud calls however, the information could be valuable for syndicates looking for those who have left "the life" or extortion victims who got away. The center is contacting those who may have been affected.

**About the Author**

Yakuza Victim Data Leaked in Japanese Agency Attack

The Shadowserver Foundation reports over 2,000 Palo Alto Networks firewalls have been hacked via two zero-day vulnerabilities: CVE-2024-0012…

The Shadowserver Foundation reports over 2,000 Palo Alto Networks firewalls have been hacked via two zero-day vulnerabilities: CVE-2024-0012 & CVE-2024-9474, enabling admin bypass and root access. Top targets: US & India.

Cybersecurity researchers at Shadowserver have revealed that approximately 2,000 **Palo Alto Networks** firewalls have been compromised. The breaches leverage two recently identified zero-day vulnerabilities in the company’s PAN-OS software. These vulnerabilities have been labeled as CVE-2024-0012 and CVE-2024-9474.

****The Vulnerabilities****

**CVE-2024-0012**: This vulnerability is an authentication bypass in the PAN-OS management web interface. It allows remote attackers to gain administrator privileges without authentication. This means attackers can tamper with firewall settings, making them more susceptible to further exploitation.

**CVE-2024-9474**: This flaw is a privilege escalation issue. Once exploited, it lets attackers execute commands with root privileges, giving them full control over the compromised firewall.

> Heads-up! Thanks to collaboration with the Saudi NCA we are now scanning & reporting Palo Alto Networks devices COMPROMISED as a result of a CVE-2024-0012/CVE-2024-9474 campaign. Found ~2000 instances compromised on 2024-11-20: dashboard.shadowserver.org/statistics/c… Top affected: US & India
> 
> — The Shadowserver Foundation (@shadowserver.bsky.social) November 21, 2024 at 9:45 AM

****Operation Lunar Peek – Ongoing Threat Activity****

Palo Alto Networks has **named** the initial exploitation of these vulnerabilities “Operation Lunar Peek.” Palo Alto Networks initially warned customers on November 8 about restricting access to their next-generation firewalls due to an unspecified remote code execution flaw.

Since then, the company has observed a notable increase in threat activity following the public release of technical insights by third-party researchers on November 19, 2024.

Unit 42, Palo Alto Networks threat intelligence team, assesses with moderate to high confidence that a functional exploit chaining CVE-2024-0012 and CVE-2024-9474 is publicly available, which could lead to broader threat activity.

The company is currently investigating the ongoing attacks, which involve chaining these two vulnerabilities to target a limited number of device management web interfaces. The company has observed threat actors dropping malware and executing commands on compromised firewalls, indicating that a chain exploit is likely already in use.

****Recommendations for Users****

Palo Alto Networks has provided several recommendations to mitigate the risk:

*   **Monitor and Review:** Users should monitor for any suspicious or abnormal activity on devices with a management web interface exposed to the internet. After applying the patch, it is crucial to review firewall configurations and audit logs for any signs of unauthorized administrator activity.
*   **Patch Immediately:** Customers are advised to update their systems to receive the latest patches that fix CVE-2024-0012 and CVE-2024-9474. Detailed information about affected products and versions can be found in the Palo Alto Networks Security Advisories.
*   **Restrict Access:** To reduce the risk, Palo Alto Networks recommends restricting access to the management web interface to only trusted internal IP addresses. This is in line with their recommended best practice deployment guidelines.

****Expert Insights****

**Elad Luz**, Head of Research at Oasis Security, emphasizes the importance of immediate action even before patching. He advises affected customers to restrict access to the web management interface, preferably allowing only internal IPs. Luz also stresses the need to ensure that devices are free from any potential malware or malicious configurations after patching.

1.  Palo Alto Patches 0-Day Exploited by Python Backdoor
2.  Authentication bypass Flaw found in NATO approved firewall
3.  Critical RCE Vulnerability Puts 330,000 Fortinet Firewalls at Risk
4.  CISA Urges Patching of Palo Alto Networks’ Expedition Tool Flaw
5.  Backdoor account found in 100K+ Zyxel Firewalls, VPN Gateways

Operation Lunar Peek: More Than 2,000 Palo Alto Network Firewalls Hacked

Meta provided some insight into their fight against pig butchering scammers, who are often victims of organized crime themselves

Meta provided insight this week into the company’s efforts in taking down more than 2 million accounts that were connected to pig butchering scams on their owned platforms, Facebook and Instagram.

Pig butchering scams are big business, with hundreds of millions of dollars involved every year. The numbers are not precise because some researchers see these scams as a special kind of romance scam, while others classify them as investment fraud, muddying the numbers based on which group is counting what type of loss.

Still, the general idea is that scammers use elaborate storylines to fatten up victims into believing they are in a romantic or otherwise close personal relationship. Once the victim places enough trust in the scammer, they bring the victim into a cryptocurrency investment scheme. Then comes the “butchering”—an attempt to “bleed” a target dry of their money.

Pig butchering, however, isn’t always a simple case of cybercriminals preying on unsuspecting victims. As Meta described, sometimes the scammers themselves are victims that work in scam centers, mainly located in Asia.

> “These criminal scam hubs lure often unsuspecting job seekers with too-good-to-be-true job postings on local job boards, forums, and recruitment platforms to then force them to work as online scammers, often under the threat of physical abuse.”

These workers not only work on pig butchering scams. They are also forced to engage in a wide range of malicious activities that can involve cryptocurrency and gambling, or they can be tasked to carry out impersonation scams.

Working with expert NGOs and law enforcement partners in the US and Southeast Asia, Meta has focused on investigating and disrupting the activities of the criminal scam centers in Southeast Asia. This has led to the take-down of over two million accounts linked to scam centers in Myanmar, Laos, Cambodia, the United Arab Emirates, and the Philippines.

Despite their location, the targets of the scams can be found all over the globe. The scammers follow playbooks to gain the trust of the targets. Contacting victims initially on social media, dating apps, email, or messaging apps, the scammers later move their interactions to more private channels like scammer-controlled accounts on crypto apps or scam websites masquerading as investment platforms. This pushes victims further into a trap and it removes their ability to report their conversations to a platform that takes this type of abuse seriously.

From here, scammers will continue the charade that they’ve set up wise investments for the targets. But once enough trust has been built to seriously rob a victim, scammers will steal what they can and disappear. As Meta said:

> “Typical of ‘pig butchering’ schemes, the target may be allowed to withdraw small amounts to build trust, but once they start asking for their ‘investment’ back or it becomes clear that they do not have more funds to send to the scammer, overseas scammers typically disappear with all the money.”

**How to avoid becoming the pig**

The good thing about pig butchery scams is that they mostly follow a narrow pattern, with few variations. If you recognize the signs, you stand a very good chance of going about your day with a distinct lack of pig-related issues. The signs are:

*   Receiving stray messages for “someone else” that appear out of the blue. This can be a message directed to someone who does not have your name.
*   The profile picture of the person you’re talking to looks like someone who is a model.
*   Common scam opening lines may involve: Sports, golfing, travel, fitness.
*   At some point they will ask you about investments and/or cryptocurrency.
*   They will ask you to invest or take some of their money and use that instead.

As you can see, there is a very specific goal in mind for the pig butcher scammers, and if you find yourself drawn down this path, the alarm bells should be ringing by step 4 or 5. This is definitely one of those “If it’s too good to be true” moments, and the part where you make your excuses and leave (but not before hitting block and reporting them).

Here’s what you can do to keep yourself safe:

*   Don’t give scammers the information they need. Scammers rely on what you volunteer about yourself online to tweak their script and lure you in. Use tools such as the Malwarebytes Personal Data Remover to minimize the amount of data accessible through search engine results, spam lists, and people search sites.
*   Perform an image search of the photo and the name of the person you’re in touch with. Scammers often steal someone else’s image to use as bait, and stolen identities are rife.
*   Go slow. Scammers tend to rush, building rapport with their victims as quickly as possible before moving in for the money-themed kill.
*   Never give money to anyone you’ve met online
*   Get a second opinion from someone you trust
*   If in doubt, back away and report the account.

If you’ve been impacted by a romance scam, pig butchering, or crypto investment fraud, you can report the crime to the Internet Crimes Complaint Center (IC3), which is run by the FBI, or the FTC on its reporting and resources page.

**We don’t just report on threats – we help protect your social media**

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.

 Meta takes down more than 2 million accounts in fight against pig butchering 

A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit for follow-on information collection.
"The attackers embedded malicious JavaScript in these sites, which spoofed a TLS certificate error to trick visitors into downloading a

China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign

This Metasploit module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The vulnerabilities allow an attacker on the LAN to advertise a malicious printer that triggers remote code execution when a victim sends a print job to the malicious printer. Successful exploitation requires user interaction, but no CUPS services need to be reachable via accessible ports. Code execution occurs in the context of the lp user. Affected versions are cups-browsed less than or equal to 2.0.1, libcupsfilters versions 2.1b1 and below, libppd versions 2.1b1 and below, and cups-filters versions 2.0.1 and below.

Tag

#web