Scammer Infects His Own Machine With Spyware, Reveals True Identity

In what can only be explained as a case of karmic irony, a Nigerian scammer accountable for stealing more than 800,000 credentials from some 28,000 victims above the past numerous a long time lately infected his very own equipment with info-stealing malware that resulted in his identity currently being uncovered.

Researchers from Malwarebytes received on his trail when they determined a team they track as “Nigerian Tesla” amid various risk actors concentrating on Ukrainian entities. Malwarebytes experienced tracked the group for a long time initially although it was engaged in a string of so-called 419 progress payment fraud (aka Nigerian letter ripoffs), in which victims get e-mails promising them a generous fee for facilitating a revenue transfer involving a significant sum.

In excess of the past two a long time, Malwarebytes researchers experienced observed the risk actor switching from 419 cons to distributing Agent Tesla, a greatly employed remote-entry Trojan (RAT) for stealing personalized facts from infected units.

Malwarebytes lately discovered Nigerian Tesla attempting to distribute the malware by way of an email with a issue header titled “Final Payment” in Ukrainian. Recipients who clicked on the connection in the e mail had been directed to a file-sharing site, which then downloaded the Agent Tesla binary to the user’s technique.

The attack chain involved the command-and-control server (C2) sending a concept to Agent Tesla on infected methods, intended to confirm that the malware had been appropriately configured for distant communication. In examining the marketing campaign, scientists detected an oddity — several messages made up of the text “Take a look at successful” coming from the attacker’s have equipment. There is only a single rational conclusion: The attacker had somehow managed to self-inflict Agent Tesla malware.

A member of Malwarebytes’ risk intelligence crew tells Dark Examining that the menace actor made various faults: “The most significant one particular was to infect his very own personal computer with the Agent Tesla stealer,” he suggests. “By accomplishing so, all the qualifications from their equipment, saved in prevalent programs these as browsers, were being gathered and exfiltrated. In a feeling, they turned just one more sufferer, but in this circumstance of their own malware.”

An examination of the examination email messages exposed the attacker’s IP address, which then led the researchers down a path that in the long run revealed to them the attacker’s serious identity, deal with, shots, and a copy of his Nigerian driver’s license.

A Path of Bread Crumbs
One particular of the to start with issues Malwarebytes uncovered when investigating the menace actor’s IP address was that he had sent extra than two dozen supplemental e-mail from the exact same IP deal with. The scientists have been unable to figure how the attacker had managed to infect his own technique. But the emails discovered various other companies that the menace actor utilised as aspect of his attack infrastructure.

These involved a company that could be used as a source for victim emails, one more for extracting e-mails from compromised techniques, file hosting and storage expert services, virtual private servers, and VPN and DNS expert services. The researchers also found various assumed names that the Nigerian Tesla team employed in previous email frauds, together with numerous e mail accounts that have been applied in phishing scams and facts theft strategies.

An investigation of the email messages and the personae connected with them confirmed that the Nigerian Tesla team had been engaged in felony cyber things to do likely back again to at the very least 2014. At that time the group was generally engaged in 419 frauds involving e-mail from fictitious individuals going by names these as Rita Bent, Lee Chen, and John Cooper. Malwarebytes uncovered the menace building a change to malware distribution in 2020, and recognized the applications the attacker used to obfuscate their binaries and to examination no matter if they could be detected.

Throughout their investigation Malwarebytes scientists observed a few of pictures of the individual that appeared to have started off the operation, as perfectly as the Agent Tesla-infected person’s driver’s license. Malwarebytes identified the particular person only as “E.K” and as someone born in 1985.

Tags: "Dxc Technology Malaysia Sdn Bhd, 3rd Wave Of Technology, Active Mind Technology Steve Suda, Adia Technology Limited, Anxiety Caused By Technology, Aum Technology Job Openings, Best Books On Licensing Technology, Best Us Companies Drivetrain Technology, Boulder Creek Ca Technology Companies, Bounce Box Technology, Bridgerland Applied Technology College Cafeteria, Cisco Technology News, Comcast Comcast Technology Internship Program, Complete Automated Technology, Defence Technology News, Definition Information Technology System, Digital Technology, Digital Technology Pdf, Director, Emerging Technology In Healthcare 2019, Energy Efficient Home Technology", Environmental Technology 2019, Esl Information Technology Vocabulary, Farming Technology Replacing People, I.T. Information Technology, Information Technology Residency Programs, Issue With Holographic Counterfeiting Technology, La Crosse Technology 9625 Manual, La Crosse Technology C89201 Manual, Lane Dedection Technology, Long Quotes About Technology, Micron Technology San Francisco, Modern Steel Mill Technology, Nc Lateral Entry Technology, New Technology Replaces Wifi, Russian Technology City, Shenzhen Nearbyexpress Technology Development, Stackoverflow Resume With Technology Interests, State Agency For Technology, Teacher Comfort With Technology Survey, Technology Companies In Southwest Florida, Technology Credit Union Address, Technology In Mercedes Glc, Technology Material Grant For College, Technology Meibomian Lid, Technology Production And Cost, Treehouse Education Technology, Western Technology Center Sayre Ok, What Is Jet Intellagence Technology, Why Women In Technology, Will Technology Take Away Libraries

M	T	W	T	F	S	S
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31