The identities of a group of Nigerian scammers were revealed after they accidentally infected themselves with malware. Operating a new kind of attack called a ‘wire-wire’ attack, it is estimated that the group had managed to net some $3 million (about RM12 million) a year.
Security researchers Secureworks first identified the group after they discovered a malware that was sending unsecured data to an open webserver. The scammers were operating on a somewhat different modus operandi from the usual Nigerian scam. Instead of attempting to spoof business emails, the group instead harvested publicly available email addresses and targeted them with malware.
These victims would then be infected with a keylogger that also collected screenshots. The group would then intercept any billing information sent to a third party and alter the account information to their own. This would cause unsuspecting businesses to wire money to the scammers, netting them around $30,000 to $60,000 (about RM120,000 to RM180,000) per transaction.
The group was located mainly due to one of the members accidentally infecting himself with the malware; allowing researchers monitoring the web server to observe their activities. It has also allowed the researchers to also alert Nigeria’s Economic and Financial Crimes Commission, who have started an investigation into the matter.
[Source: Spectrum IEEE]
