Banners, Bots and Butchers: The AI-Driven Long Con in Asia

Keypoints

• Investigators found a hybrid scam model that combines malvertising for mass acquisition with messaging‑app‑centric pig butchering for prolonged social engineering and monetization.
• More than 23,000 domains were associated with the ecosystem, many generated via RDGAs and registered in bulk to enable rapid scaling and domain rotation.
• Lookalike and dictionary-based domains (e.g., googlenames[.]top, youtubefind[.]top) were used to increase credibility and prolong domain longevity, while random-character RDGA domains were cycled faster.
• Structurally similar lure websites and overlapping advertising flows, analytics IDs, and messaging patterns indicate a shared enablement layer or off‑the‑shelf kit supporting multiple operators.
• Actors redirected victims from ads to legitimate messaging apps (LINE, KakaoTalk, WhatsApp) where AI/automated chatbots impersonated experts or assistants and ran scripted group/one‑on‑one interactions to solicit escalating payments.
• Campaigns heavily targeted Japan and other Asian markets but have expanded to English, German, and Spanish audiences, suggesting global reuse and localization of the model.
• Reported individual losses reached up to ¥10 million (~US$63,000), demonstrating significant financial impact on victims who were ultimately asked to pay a final “release fee” for nonexistent profits.