Nigerian 419 Scammers Evolving Into Malware Pushers (But Not Very Good Ones)

Published: 22/11/2024   Category: security




Silver Spaniel attackers use commodity malware to damage others' security, but they aren't very good at protecting their own.



Nigeria's 419 scammers are evolving. Instead of just using charm to con wealthy marks into handing over their cash, these actors are now also using malware, according to a Palo Alto Networks report released today.
Palo Alto has dubbed this series of attacks Silver Spaniel. Fortunately, these individuals are often experts at social engineering, but novices with malware.
The attackers are primarily using the NetWire remote access tool along with DataScrambler, a crypter used to evade anti-virus software. These are relatively inexpensive commodity tools that can be easily obtained at online marketplaces. So far, the attackers are delivering these executables as email attachments. Silver Spaniel attacks have thus far not exploited any software vulnerabilities and have instead relied entirely on social engineering to trick victims into installing malware, according to the report.
The attackers are using dynamic DNS domains from NoIP for command-and-control, but in an effort to make it easier to manage their malicious activity, they're making it easier for law enforcement officials to locate them. From the report:
At least one attacker configured their system to use the Dynamic Update Client (DUC) provided by NoIP.com to automatically direct traffic destined for their domain to the IP address of their PC. This automated the assignment process, but also exposed their non-VPN IP address and location. These non-VPN IP addresses belong to ISPs that provide mobile Internet access to much of Nigeria.
Not only are they doing a poor job of hiding their IP addresses, but they're also doing a poor job of hiding their own identities. Palo Alto provided the example of Ojie Victor, a rather hapless fellow who may or may not be involved in Silver Spaniel attacks but is certainly attempting to commit acts that are consistent with the style.
Victor was found posting messages on social networks and forums, publicly seeking assistance buying and using malware. For example, he tweeted: I NEED A SPOOFER FOR MY CYBERGATE RAT... CAN SOMEBODY HELP ME OUT HERE? [email protected].
Read the full report at paloaltonetworks.com/resources/research/419evolution.html (registration required).
