The world of cybercrime has taken a dangerous turn as pig butchering scams now operate as turnkey services, lowering entry barriers for bad actors worldwide.
The “Penguin” operation represents a growing marketplace that provides everything scammers need to launch large-scale fraud campaigns, from stolen personal data to ready-made fraud templates.
This service-based model mirrors other crime-as-a-service platforms but targets victims through social engineering schemes that drain life savings and retirement funds.
Over the past decade, Chinese-speaking criminal groups have built industrial-scale scam centers across Southeast Asia, creating special economic zones dedicated entirely to fraud operations.
These compounds staff thousands of forced workers who execute romance scams, investment fraud, and other pig butchering schemes.
The transformation from individual scammers to organized service providers has created what experts call Pig Butchering as a Service, or PBaaS.
This model supplies criminal networks with tools, stolen credentials, infrastructure, and management platforms that enable operations to scale rapidly.
Hendryadrian and Infoblox Threat Intel analysts identified the Penguin operation through underground marketplace analysis, revealing a comprehensive fraud ecosystem.
The service provider operates under multiple names including Heavenly Alliance and Overseas Alliance, advertising openly on encrypted platforms.
They offer fraud kits, pre-registered SIM cards, stolen social media accounts, and payment processing systems that allow scammers to launch operations with minimal technical knowledge.
Website templates start at just $50, while complete fraud packages cost around $2,500, making entry into this criminal economy surprisingly affordable.
Inside Penguin’s Operation and Service Offerings
Penguin began by selling shè gōng kù databases, which contain stolen personally identifiable information of Chinese citizens collected through government corruption or data breaches.
These databases include years of bank records, travel history, political affiliations, and family details that scammers use to identify wealthy targets and build trust during social engineering attacks.
The platform now sells Western social media accounts from Tinder, WhatsApp, Adobe, and Apple’s developer platforms. Pre-registered accounts cost as little as $0.10, with prices increasing based on registration date and authenticity verification.
.webp "New 'Penguin' Pig Butchering as a Service Selling PII, Stolen Accounts and Fraud Kits 3")
The service extends beyond stolen data to include complete operational support. Penguin provides “character sets,” which are collections of stolen photos harvested from social media profiles used to create convincing fake identities.
They also offer 4G and 5G routers, IMSI catchers, and SCRM platforms that automate victim engagement across social channels.
The BCD Pay payment processing system connects directly to anonymous peer-to-peer networks rooted in illegal gambling operations, allowing scammers to launder stolen funds and move cryptocurrency outside law enforcement reach.
Criminal groups purchase management platforms like UWORK that centralize fraud operations through customer relationship management dashboards.
These platforms let administrators create agent profiles, set deposit thresholds, track profitability metrics, and geofence websites to avoid law enforcement in high-risk countries.
First-level agents handling direct victim contact have restricted access, preventing them from stealing money meant for operation leaders.
.webp "New 'Penguin' Pig Butchering as a Service Selling PII, Stolen Accounts and Fraud Kits 4")
The systems integrate with legitimate trading platforms like MetaTrader, displaying real-time financial data that makes fake investment sites appear credible.
Mobile apps distributed through iOS provisioning files and Android APK sideloading bypass official app store verification, installing scam platforms directly onto victim devices while potentially granting device management access to criminals.
The commodification of these fraud services has dramatically increased both the scale and sophistication of pig butchering operations globally.
Law enforcement and security professionals now face an organized, service-based criminal ecosystem rather than isolated scam groups.
Disrupting this threat requires targeting the service providers, financial enablers, company formation facilitators, and DNS infrastructure that underpin the entire PBaaS economy.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.
