Nigerian Prince scammers now a 'formidable threat'

_CyberGhosT_

Long live the Nigerian Prince scheme? While 419 advance-fee scams still do exist, some of the cybercriminals behind them have moved on to targeted malware campaigns.
The Nigerian Prince is growing up fast, and becoming quite the royal pain.
According to a research report and accompanying blog post by Palo Alto Networks' Unit 42 threat research team, the Nigerian cybercriminals traditionally known for their 419 advance-fee scams have evolved from silly spray-and-pray email spam campaigns to more refined con games that target large business organizations with malware and fetch princely sums totaling millions of dollars.
“Nigerian actors have demonstrated a clear growth in size, scope, complexity and capability over the past two years and as a direct result, they should now be regarded as a formidable threat to businesses worldwide,” warned the company in its research paper Thursday, referring to the latest cybercriminal activity by the code name SilverTerrier.
Unit 42 researchers analyzed over 8,400 malware samples originating from Nigerian scam emails from July 2014 to June 2016, pinpointing roughly 100 individual actors or groups behind these campaigns. The researchers also found that the frequency of malware attacks jumped wildly in this time, from fewer than 100 attacks in July 2014 to a range of 5,000 to 8,000 per month – peaking in May 2016 with nearly 19,000 incidents.
And yet, Nigerian scammers still seem to be the Rodney Dangerfield of the cybercriminal world – in part, notes Palo Alto, because they have a reputation of using cheap commodity malware tools that are readily available in the underground market. However, this does not reflect a lack of Internet-savvy. Rather, “They have learned how to successfully apply simple malware tools with precision in order to create substantial losses ranging from tens of thousands up to millions of dollars for victim organizations, and they have broadened their scope well beyond targeting unsuspecting individuals,” the blog post reads.
Palo Alto identified five of the scammers' most popular malware tools as Predator Pain, ISR Stealer, Keybase, ISpySoftware and Pony, each of which enables attackers to remotely access or steal credentials from infected machines. Relying on inexpensive commodity tools actually affords the scammers a key advantage: they can instead allocate the bulk of their budget toward the latest, state-of-the-art cryptors that obfuscate the malware in order to evade antivirus solutions, the report explains.
And just because commodity malware is inexpensive doesn't mean it's not effective at what it does. In fact, “If you were to compare that tool to something built by a very sophisticated… nation-state, that tool is probably more sophisticated,” particularly from a development perspective, said Ryan Olson, intelligence director at Palo Alto Networks, in an interview with SC Media.
Tactically, the Nigerian scammers have also shifted from carpet bombing random individuals with spam to coordinating surgical spear-phishing strikes against specific business targets. Instead of relying on bizarre tales of political intrigue and lost fortunes to tempt recipients with improbable get-rich-quick schemes, these scammers now carefully craft emails that offer credible value propositions to their targets. Many of these emails rely on Business Email Compromise and Business Email Spoofing techniques to make the emails appear as if they are originating from a trusted and plausible source, the report continues.
In the samples Palo Alto studied, malware attacks most frequently targeted the high-tech, higher education and manufacturing industries. In addition to using email, the Nigerian scammers also propagate their malware through fraudulent websites that sometimes impersonate the sites of legitimate companies and organizations.
Palo Alto also took a closer look at the individuals and entities behind these campaigns, leveraging threat intelligence and advanced analytics to link threat actors' domain registration details with their Facebook and Google+ social media profiles. In doing so, the researchers found that many of the perpetrators live comfortably, are well educated (often owning technical degrees) and primarily range in age from late teens to mid-40s.
Perhaps of most concern, they are becoming more organized, connecting with each other as well as international criminal groups via social networking in order to conduct business or share information.
By mapping out this Nigerian social network, Unit 42 was able to link Nigerian actors to additional malware tools, including the NanoCore remote access trojan, HawkEye keylogger, Aegis crypter and Orway crypter. Moreover, researchers were able to identify a select few individuals who “appear to serve as the connective tissue between various subsets of Nigerian actors and the tools they use.” These key links could potentially be suppliers of malware tools or perhaps even cybercriminal bosses.
Regardless, the lesson is clear: It appears “A lot of individuals in these networks are essentially learning from each other,” said Olson.
 

_CyberGhosT_

They are getting smarter. Now I just mess them around. I remember receiving a dating scam and they tried to play the "I am being held by hostile parties and need money" game.
I am surprised so many fall for their tricks, especially here in the US; their grammar is all screwed up, their phrasing and spelling. I can read a message and tell if it's a scam and whether or not it's from Nigeria by the format and content. I am so used to seeing them they are easy to spot, and yes I agree, it is fun to mess with them.
lol :p
 

Entreri

A lot of people are naive and gullible. Scammers continue to make a lot of money.

Even professional scammers targeting an individual, it's laughable. There is no such thing as a free lunch, get rich quick etc.
 

soccer97

It is sad that the vulnerable (elderly, people who are lonely, some who are homebound from disability) do tend to fall for this. Many are lonely, some are bankrupt and some don't have enough money for retirement so they fall for it. The same with pyramid schemes.

From our perspective- yes, the Nigerian prince email claiming I won the lottery and asking for my SSN, DOB, Mother's maiden name and basic security questions makes it a little easier to guess. These people need to get a life.

Below is a short documentary on catching a Nigerian 419 scammer in the act on camera.

I was hesitant to post this originally - but this is some of the extent they go to: Follow the Money - Dateline NBC (The Hansen Files)

For a public service announcement, there's the 419 romance scams, which can get really serious: Romance Scams

The Dateline video is kind of funny (but sad) - as in the absurd amount of steps they will go to, even meeting the person. It goes so far. And, on camera, the guy is busted. It even happens in the US.
 

tim one

It seems incredible, but many people have fallen for it and have sent them information such as account number, address, etc., ending up in the network of criminals, who are then able to get a lot of money in a short time before one realizes he's been naive.

It is difficult to accept this thing, but it has a mathematical basis: it is so illogical as to be efficient!
 
