We believe that they launder their money through a few strategies such as buying gold and luxury items, or mixing the money they have obtained through these scams with money collected legitimately. “With this single transaction, the scammer is slated to collect over $1 million. In one case, the experts at FireEye observed one single transaction worth $1m. They then instruct the money mule about the new transaction to manage. Once the criminals intercept a transaction they’ll log into the victim account to impersonate him and they’ll ask buyers to send the payment to an account they own. The way the fraudsters operate is simple as effective, once they have infected victim’s machine, they monitor the keylog files for email accounts dealing with purchase transactions. They rely on these third-party tool providers to furnish them with documentation or tutorials on the tools, to create stealthy exploits, and to troubleshoot issues.” As these interactions show, the scammers are heavily reliant on third-party malicious tool developers to create and maintain their tools. “To obtain exploits, crypters, infostealers and remote access tools (RATS), they access forums to inquire and search for malicious software…We have observed several instances of the scammers interacting with tool providers. The report also revealed that hackers have poor technical skills so they search for help on the dark net. A free email account might indicate that the user is not technically savvy or is a small business.” The scammers would not have to register a domain and set up an email server. Of particular interest to them are email addresses from free email service providers” states the report.”There are a few possible reasons for them to target free email accounts: n Fewer obstacles to spoof the email addresses. ![]() The scammers extract email addresses from these pages using email scraping tools. “We have also seen scammers search Google for email listings of trade show participants and suppliers or distributors of various goods. The report revealed that the number of victims is 2328 across 54 countries, the majority are in India (45%), Indonesia (19%) and Vietnam (17%).Īccording to the experts at FireEye the choice is not casual, the document used in the scam appear more credible to non-native English speakers in the Asian countries, the fraudsters also targeted individuals in those countries where they have bank accounts or can easily transfer money into said accounts. It uses MWI to infect victims with HawkEye-a commercial keylogger that has become well known due to its high rate of infection success across multiple industries 3-and another keylogger called KeyBase.” states the report. The group adopted the Microsoft Word Intruder (MWI) exploit kit 2 as one of its primary methods. ![]() ![]() “The cybercriminals behind this operation are located in Nigeria and are using malware as a component of their fraud scams. The experts discovered a unique C&C server behind the operation of the gang, the fraudsters always used the MWI exploit kit to forge malicious documents used by the gang to infect victims with keyloggers like HawkEye and KeyBase. The report, titled “ An Inside Look into the World of Nigerian Scammers,” reveals the TTPs of a small group composed of at least four criminals living in Africa.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |