The collected information is sent in encrypted form to an email account or server used by the attackers.
#Predator pain keylogger download download
The payload in question is Hawkeye, a generic, relatively straightforward keylogger/information-stealer that searches for system information and extracts user credentials (from email clients and web browsers), logs keystokes, and can also do things like deny access to certain websites, download and execute additional files, and spread via removable drives. The malware is sent after a few back-and-forth emails, once trust is established and makes it likely that the target will open the attachment without thinking twice. In order to gain access to the suppliers’ business email account, the scammers first send out emails to the companies’ publicly searchable email addresses (usually info or initial emails are usually targeted enquiries, but do not contain a malicious attachment (click on the screenshot to enlarge it): The targeted companies are also often related to one another (by location or industry) or already doing business together – attacks are more likely to succeed if the attackers are already in possession of information that can be used to highly personalize the emails to new targets, and can send them from legitimate, compromised business email accounts. Small businesses have been known to be prone to simple attacks due to their lack in resources to set up proper security strategies,” the researchers noted. “We think that this could be related to the fact that companies who were targeted by these schemes were small businesses (or in one case, the regional office of a large enterprise), which are more abundant in developing countries.
The scammers’ main targets are small-to-medium size businesses (SMB), predominantly in India, Egypt, and Iran, but also in other Asian countries, the US and Russia. What happens then is that the customer sends their payment to the cybercriminal’s account, causing loss to the supplier.” “At some point during this engagement – most likely during the time when payment is discussed – the cybercriminal sends an email to the customer using the supplier’s compromised email account to inform them that the account where they should deposit their payment has changed to a different account – one controlled by the cybercriminal. This is done by monitoring the engagements happening between the supplier and their customer as it unfolds over email,” the researchers explain. “In ‘change of supplier’ fraud, the cybercriminals’ ultimate goal is to hijack ongoing business transactions to divert payments into the cybercriminals’ account. Trend Micro has even managed identify two cybercriminals who are performing them: “Uche” and “Okiki”. But there is another type of scam that these fraudsters actively engage in: the so-called “change of supplier” scam. When someone mentions advanced fee or romance scams most people immediately associate them with Nigerian scammers.
0 kommentar(er)
