An interesting way to deliver malware or how "hackers" crack "scammers"
Recently I read an article about finding information in documents uploaded to VKontakte documents. I started typing the keywords “passport” and “scan” by hand and discovered a whole bunch of archives with viruses (screen), designed for those who search for documents with certain queries (VirusTotal results). I decided to check the situation on other resources and found that it is systematic. So I decided to write a short article about this.
It is no secret that phishing and social engineering attacks require as much information as possible about the target or the chosen victim. Most often, such information is taken from social networks and publicly available sources (as in the example above). In addition, those same social networks are one of the best sources of data for creating a fake identity. Who is looking for other people's passport data, and for what? There can be many answers here, but I would answer like this: "someone who is planning something illegal" or "someone who needs a fake identity."
Foreign passport data can be used to register domains or, for example, to pass the first level of verification in online payment systems, which ask you to upload a photo of your passport as the first level of identity verification. This means that such “villains,” whom I would call “scammers,” are of interest to another audience of “villains,” whom I would call “hackers.” So some “hacker” came up with the idea of uploading Trojans like Radmin in order to crack the “scammers” who are interested in other people's data. He didn’t limit himself to VKontakte documents.
It’s also no secret that people often send important information through file hosting services, as it is fast and convenient. Through a file hosting service, you can quickly send a passport scan, or even passwords for FTP or websites, to a friend or acquaintance. People do not worry about the fate of the uploaded files, because they think that only they have the link. But no! Special parsers have long existed (Proof 1), (Proof 2) that iterate over ranges of such links on popular file hosting sites and download everything that contains key phrases, for example “passport”, “password” and sometimes even “scan credit cards.”
“Hackers,” who are clearly hunting for such “scammers,” have also caught on to this trick and upload viruses designed specifically for scammers to the same file hosting services. They complicate the scheme by putting a password on the archive (for protection against online antivirus scanners) and giving that password in the file name, for example “My passwords (password 123) .rar” and so on. In such a simple way, it became clear that you can catch scammers on their own hook, a kind of reverse phishing. The same file distribution technique is used by people working with adware affiliate programs that pay for installations of additional software. Hundreds of files are created with different SEO-optimized names of popular software and uploaded wherever possible; the result is many downloads, many installations, profit.
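From the defender's side, the password that blinds an automated scanner is sitting in the file name, so a hosting service or mail gateway can read it back and act on it. The following is an added example, not code from the original article; the function name, the verdict labels, the hint patterns and the extension list are assumptions chosen for illustration.

```python
import re

# Archive types: .rar is the article's example; .zip and .7z are assumptions.
ARCHIVE_EXT = re.compile(r"\s*\.(rar|zip|7z)\s*$", re.IGNORECASE)
# Password hints such as "(password 123)", "pass: 123", "pwd=123".
PASSWORD_HINT = re.compile(
    r"\b(?:password|passwd|pass|pwd)\b\s*[:=-]?\s*([^\s()\[\]]+)", re.IGNORECASE)
# Key phrases the article says harvesters search for.
LURE_WORDS = ("passport", "password", "scan", "credit card")


def triage_upload(filename):
    """Classify an uploaded file name (hypothetical helper, constructed policy)."""
    name = filename.strip()
    is_archive = bool(ARCHIVE_EXT.search(name))
    stem = ARCHIVE_EXT.sub("", name)
    hint = PASSWORD_HINT.search(stem)
    # Drop the hint itself so "(password 123)" is not counted as a lure word.
    rest = stem if hint is None else stem[:hint.start()] + stem[hint.end():]
    lures = [w for w in LURE_WORDS if w in rest.lower()]
    if is_archive and hint and lures:
        verdict = "quarantine"        # lure name plus advertised password
    elif is_archive and hint:
        verdict = "unpack-and-scan"   # scanner should decrypt with the hint
    else:
        verdict = "pass"
    return {"verdict": verdict,
            "password_hint": hint.group(1) if hint else None,
            "lures": lures}


# Constructed sample names; the first is the example given in the article.
SAMPLES = [
    "My passwords (password 123) .rar",
    "holiday photos (pwd: sun2019).zip",
    "passport scan.jpg",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", triage_upload(s))
```

The returned `password_hint` is what a scanning pipeline would pass to its unpacker so that the archive contents are inspected rather than skipped as unreadable.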
The resources have been notified of this kind of problem.
