Send your bank account details to save them
A group of Nigerian scammers might have accidently infected themselves with the same malware they want their victims to download.
The Nigerian scammer ring operates a new kind of attack called “wire-wire” which was so nasty that a few of its members accidentally infected themselves and managed to show all their operations to a security company.
SecureWorks researchers James Bettke,and Joe Stewart told the annual Black Hat security conference in Las Vegas that they had managed to get the inside leg measurement of the hacker team.
The group use a technique known as "Business Email Compromise," or BEC, in which they use internal corporate email accounts to execute fraudulent financial transactions. Or, in another approach scammers spoofed a CEO’s email from an external account to persuade an employee to send a wire transfer to their own bank account.
Wire-wire was a new spin on the attack and is harder to detect. Bettke and Stewart discovered the ring in February when five of the scammers self-infected their own computers with the same malware they were using to steal from others.
For months, the malware automatically loaded screenshots and keystrokes from compromised computers to an open web database. One of the infected scammers also frequently trained new scammers, which revealed even more details about their techniques. The SecureWorks team initially found the database by using the virus scanning tool VirusTotal to search for suspicious email attachments.
