₦airaland Forum

Welcome, Guest: RegisterLoginWith GoogleTrendingRecentNew

Stats: 3,330,536 members, 8,445,942 topics. Date: Wednesday, 15 July 2026 at 07:20 PM

Toggle theme

The Nigerian Spammers From The 90s Have Moved On To Keyloggers And Rats - Crime - Nairaland

Nairaland ForumNairaland GeneralCrimeThe Nigerian Spammers From The 90s Have Moved On To Keyloggers And Rats (661 Views)

1 Reply (Go Down)

The Nigerian Spammers From The 90s Have Moved On To Keyloggers And Rats by crackerspub(op): 4:21am On Jun 18, 2017
Each day, countless of security researchers are fighting the good fight in an effort to help companies remove malware from infected computers and servers. These researchers have to go through numerous hoops to get their message across to the proper person inside companies or government organizations who are allowed or can remove these infections from affected devices.Most of their efforts remain hidden to the casual person, and very few get the credit they deserve for the monumental work they put in on a daily basis.

The silent war researchers wage against cyber-crooks
We'll be taking a look today at a group of researchers that during the past few months have been reporting malware-infected computers to relevant authorities in countries all over the globe. This team is formed by MalwareHunter, Daniel Gallagher, and a security researcher that goes online only by the name of Guido.

For the past few months, using data they search and find on VirusTotal, this group has been identifying malware campaigns, tracking down malware C&C servers, and rummaging through countless of data stolen from infected computers. The group identifies the entity that was infected by malware, usually off-the-shelf commercial keyloggers and remote access trojans, and attempts to contact the company. These contact attempts usually happen via email and Twitter, directly with the company. If the company is unresponsive, and a vast majority of these infected entities are, the group reaches out to local CERT teams and sometimes law enforcement.

Victims include multinationals, politicians, SMBs

Their efforts have unearthed countless of malware infections, including at companies that have yearly profits bigger than most countries. Furthermore, they found malware on the computer of a Prime Minister from a country they were asked not to name.

Despite these high profile targets, most of the time, the group finds malware at smaller companies, which don't have the financial resources to set up a cyber-security department or even hire trained cyber-security professionals.

For example, this is just one of the many Twitter threads where the group shares intelligence on the targets they find, and which they can't get in contact with. The group places this information online in the hopes the company eventually sees it, or someone else with better contacts can lend a helping hand.

Most of these campaigns are carried out by Nigerian hackers
According to MalwareHunter, who spoke with Bleeping Computer in a Twitter conversation, most of these attacks are carried out by groups of hackers based in Nigeria. MalwareHunter puts the number at "about 65-70%" of all the campaigns they find. Those that know how the cyber-security landscape has evolved in recent years will not be surprised. Nigerian cyber-crooks have evolved from the silly email scams they were pulling in the 90s and early 2000s to using more complex tools and tactics.

Nowadays, these groups of Nigerian hackers, called "yahoo boiz," "waya waya" or "G-work" in their local communities, are using clever spear-phishing emails to trick victims into installing keyloggers and RATs. This trend of evolution in the Nigerian cybercrime landscape was noticed by the SecureWorks team last August, and detailed in more depth in a report called "Wire Wire: A West African Cyber Threat." Similarly, this week, Kaspersky also discovered a group of Nigerian hackers targeting industrial companies from the metallurgy, electric power, construction, engineering and other sectors. The group Kaspersky wrote about in a blog post yesterday uses the same tactics detailed by SecureWorks last year, and observed by MalwareHunter and his friends this year.

From email 419 tax scams to RATs and keyloggers
These Nigerian groups aren't extremely sophisticated, but merely take advantage of free or commercial high-grade hacking tools to carry out more intrusive attacks than they did in previous years.

Basically, the proliferation of hacking tools in recent years has helped previously unskilled spammers to elevate their "hacking" game to new heights of complexity and efficiency.

Kaspersky and MalwareHunter list these tools as common amongst these groups: ZeuS, Pony (FareIT), LokiBot, Luminosity RAT, NetWire RAT, HawkEye, ISR Stealer, iSpy keylogger, NanoCore, and Agent Tesla.

All are keyloggers and RATs that allow an attacker easy access to infected PCs. The groups usually use this access to collect data about targets, which they sell online or use to carry out BEC scams (tricking companies into sending money to bank accounts under their control).

Based only on the data he found on malware C&C servers, MalwareHunter estimates that these hacking groups have stolen between 4 and 5 TBs of data, which contains personally identifiable information from hundreds of thousands of users, from over 1,200 companies. The stolen data belongs guests of hotels, patients of hospitals, clients of travel agencies, business contacts, and many more. Most of the stolen data are small files, such as contracts, Excel spreadsheets, and other small files that hackers can use for reconnaissance. Based on screenshots of hacked computers, MalwareHunter estimates that the hackers have access to petabytes of data, including sensitive CAD design files, private software packages, and other proprietary data.

Poor OpSec exposes the real identities of many of these hackers
Despite using potent hacking tools, these groups often fail to protect their real identities, leaving a trail of clues that many times has led researchers to the attackers' real email accounts and Facebook profiles. The researchers have shared the identities of some of these hackers on their Twitter timelines, but which we'll not be linking due to legal issues. One researcher who helped MalwareHunter and friends on some investigations claims to have compiled a list of 50+ profiles on suspected hackers, detailed with Facebook profiles, geolocation info, pictures, phone numbers, and other data. Despite the efforts of researchers to inform compromised companies, the research group says that authorities have not started an investigation on any of these individuals based on the data they supplied.

Researchers are having a hard time notifying victims
As ironic as it sounds, researchers are having a hard time convincing companies that they need to remove malware from infected PCs, let alone persuade them to file legal complaints. Researchers say that some CERT teams are more responsive than others. For example, CERTs in Jamaica, Denmark, Finland, Armenia, and the Netherlands have responded to their alerts and coordinated with infected companies to remove victims. It's been slower or complete silence with CERTs from Saudi Arabia, UAE, India, and Portugal.

"Lots of people told us CERTs and companies do not take us seriously because the alerts are free," said MalwareHunter about their recent efforts. "Some colleagues said this can be a reason some months ago, but that time I didn't really wanted to believe it. Now, as people repeat that, I have to." Although they had little success so far, researchers say they will continue to hunt down malware command and control servers, track down victims, and notify the infected companies.
http://www.crackerspub.com/nigerian-spammers-90s-moved-keyloggers-rats/

mynd44, Seun, Lalalisclala, Dominique

Re: The Nigerian Spammers From The 90s Have Moved On To Keyloggers And Rats by Justuceleague2: 5:34am On Jun 18, 2017
It can't be the same people , that's the only problem I have with this writeup
Re: The Nigerian Spammers From The 90s Have Moved On To Keyloggers And Rats by sunnysunny69(m): 6:46am On Jun 18, 2017
Big lie against Nigerian. We know the antivirus companies are responsible for creating viruses on the other hand, kaspersky is a don in this con. How will they sell if not many viruses are not out there. Same goes with malware, the malware market leader have spooky and rookies who specialises in the spread so they can sell more anti malware software.
Re: The Nigerian Spammers From The 90s Have Moved On To Keyloggers And Rats by crackerspub(op): 9:33am On Jun 18, 2017
Lalasticlala bro please come and take this thread to the promise land.
Re: The Nigerian Spammers From The 90s Have Moved On To Keyloggers And Rats by Franzinni: 9:37am On Jun 18, 2017
This Western people have found an easy scapegoat to pin all cyber crimes on.... How many Yahoo boys Sabi c++?
Re: The Nigerian Spammers From The 90s Have Moved On To Keyloggers And Rats by crackerspub(op): 9:54am On Jun 18, 2017
Franzinni:
This Western people have found an easy scapegoat to pin all cyber crimes on.... How many Yahoo boys Sabi c++?
grin grin grin
Re: The Nigerian Spammers From The 90s Have Moved On To Keyloggers And Rats by kingthreatz: 10:16am On Jun 18, 2017
Nah. Most hackers are from Armenia, Easter European countries, Vietnam and China
1 Reply

Two Giant Rats Spotted Exchanging Blows Like Humans, In Lagos (photo)Ugandan Man Storms Police Station With Rats That Ate His Money In A Box. PhotoA Nigerian In Germany Loses €85,000 Hidden In A Bag To Lagos Wharf Rats234

Airwavesreport: Money Man, Hush-puppi In Big Trouble!...as Efcc Closes On HimNotorious Criminal Shot Dead After His Charms Failed Him During OperationBusted: Photo Of Buhari, Apc Govs In Uk Is Fake - Ffk, Others Fault Presidency .