Nigerian spam scammers infect themselves with malware

Kuttz

Level 13
Thread author
Verified
Top Poster
Well-known
May 9, 2015
630

Send your bank account details to save them


A group of Nigerian scammers might have accidently infected themselves with the same malware they want their victims to download.

The Nigerian scammer ring operates a new kind of attack called “wire-wire” which was so nasty that a few of its members accidentally infected themselves and managed to show all their operations to a security company.

SecureWorks researchers James Bettke,and Joe Stewart told the annual Black Hat security conference in Las Vegas that they had managed to get the inside leg measurement of the hacker team.

The group use a technique known as "Business Email Compromise," or BEC, in which they use internal corporate email accounts to execute fraudulent financial transactions. Or, in another approach scammers spoofed a CEO’s email from an external account to persuade an employee to send a wire transfer to their own bank account.

Wire-wire was a new spin on the attack and is harder to detect. Bettke and Stewart discovered the ring in February when five of the scammers self-infected their own computers with the same malware they were using to steal from others.

For months, the malware automatically loaded screenshots and keystrokes from compromised computers to an open web database. One of the infected scammers also frequently trained new scammers, which revealed even more details about their techniques. The SecureWorks team initially found the database by using the virus scanning tool VirusTotal to search for suspicious email attachments.

The wire-wire scammers begin by using a simple marketing tool to scrape the email addresses of businesses and employees from corporate websites. They hit these addresses with messages containing keylogger software or other malware in a process called “bombing”. Employees who click on a malicious link or open an infected attachment might be prompted to log in, providing scammers with the password to their email accounts.

Once they’re in they look for potential financial transactions. As soon as they see that the employee is sending an invoice to a customer, they reroute it through their own email account and physically alter the account number and routing number before forwarding it on to the customer.

The email address they use is often very similar to the original email address, so it’s easy to miss.

Since February, the SecureWorks team has witnessed the thieves deploy this method to reroute transactions averaging between US $30,000 and $60,000 from mostly small and medium-sized businesses making international deals. In one case, the attackers rerouted a $400,000 payment from a U.S. chemical company to its Indian supplier.

The scammers appear to be "family men" in their late 20s to 40s who are well-respected, church-going figures in their communities. “They're increasing the economic potential of the region they're living in by doing this, and I think they feel it is their patriotic duty to do this,” the researchers said.

SecureWorks team has notified Nigeria’s Economic and Financial Crimes Commission and their description of wire-wire scamming has led to at least one active investigation. They say the easiest way for business owners to prevent such attacks is to require two-step verification for employee logins.
 

soccer97

Level 11
Verified
May 22, 2014
517
They have been running many email scams for a decade - and sadly many many people have fallen for them or become victims of the newer ones. If you have ever watched a documentary on it (MSNBC I think), you would be surprised how prevalent it is - rooms full of people doing this. They bankrupt some victims, declaring that they are in love with them and praying on lonely people.

From what I remember, the old warning signs were:

A scan or email from a Xerox machine attachment
Spoofed emails
Word documents (especially .rtf)
The spam I have received in the past year does not contain many attachments - are they using much more advanced techniques when users open the email?

Talk about what goes around comes around - I have little to no sympathy for the thieves. Sorry for the rant.
 

seanss

Level 1
Verified
Aug 8, 2016
35
They have been running many email scams for a decade - and sadly many many people have fallen for them or become victims of the newer ones. If you have ever watched a documentary on it (MSNBC I think), you would be surprised how prevalent it is - rooms full of people doing this. They bankrupt some victims, declaring that they are in love with them and praying on lonely people.

From what I remember, the old warning signs were:

A scan or email from a Xerox machine attachment
Spoofed emails
Word documents (especially .rtf)
The spam I have received in the past year does not contain many attachments - are they using much more advanced techniques when users open the email?

Talk about what goes around comes around - I have little to no sympathy for the thieves. Sorry for the rant.
Not a rant at all! I need to watch some documentaries on this, like I've seen tech support scams and traditional phishing but not rooms full of deceptive people pretending to love you-- that's just creepy:confused:
 
  • Like
Reactions: DardiM

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top