Nigerian 419 Scammers Evolving Into Malware Pushers (But Not Very Good Ones)

Silver Spaniel attacks use commodity malware to damage others security, but they arent very good at protecting their own.

Nigerias 419 scammers are evolving. Instead of just using charm to con wealthy marks into handing over their cash, these actors are now also using malware, according to a Palo Alto Networks report released today.
Palo Alto has dubbed this series of attacks Silver Spaniel. Fortunately, these individuals are often experts at social engineering, but novices with malware.
The attackers are primarily using the NetWire remote access tool along with DataScrambler, a crypter used to evade anti-virus software. These are relatively inexpensive commodity tools that can be easily obtained at online marketplaces. So far, the attackers are delivering these executables as email attachments. Silver Spaniel attacks have thus far not exploited any software vulnerabilities and have instead relied entirely on social engineering to trick victims into installing malware, according to the report.
The attackers are using dynamic DNS domains from NoIP for command-and-control, but in an effort to make it easier to manage their malicious activity, theyre making it easier for law enforcement officials to locate them. From the report:
At least one attacker configured their system to use the Dynamic Update Client (DUC) provided by NoIP.com to automatically direct traffic destined for their domain to the IP address of their PC. This automated the assignment process, but also exposed their non-VPN IP address and location. These non-VPN IP addresses belong to ISPs that provide mobile Internet access to much of Nigeria.
Not only are they doing a poor job of hiding their IP addresses, but theyre also doing a poor job of hiding their own identities. Palo Alto provided the example of Ojie Victor, a rather hapless fellow who may or may not be involved in Silver Spaniel attacks but is certainly attempting to commit acts that are consistent with the style.
Victor was found posting messages on social networks and forums, publicly seeking assistance buying and using malware. For example, he tweeted: I NEED A SPOOFER FOR MY CYBERGATE RAT... CAN SOMEBODY HELP ME OUT HERE? [email protected].
Read the full report at
paloaltonetworks.com/resources/research/419evolution.html
(registration required).

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Nigerian 419 Scammers Evolving Into Malware Pushers (But Not Very Good Ones)