Nigerian scammers buy exploit kits to defraud Asian businesses

Deeper reconnaissance of infiltrated accounts can lead to big thefts

Microsoft Word Intruder is one of the administration tools used by a group of Nigerian scammers to monitor infected computers.

Microsoft Word Intruder is one of the administration tools used by a group of Nigerian scammers to monitor infected computers.

A small group of Nigerian scammers is using more sophisticated methods to defraud mostly Asian businesses, including buying exploit kits and malware from experienced coders, according to a new report from FireEye.

The security company said the group performs deep reconnaissance of its potential victims, jumping inside financial transactions in order to try to divert payments to their own accounts.

The schemes are much more complex than so-called 419 or advance fee fraud scams, where random victims are induced to send funds in order to get a non-existent but much larger payoff.

To carry out the scam, the group often uses the Microsoft Word Intruder exploit kit. The kit can be used to create malicious Word documents that are then sent over email. If opened, the victim's computer will be infected with a keylogger.

The group buys the tools from experienced malicious software coders, paying for remote access tools, keyloggers and exploit kits, FireEye said.

More than 2,300 victims have been targeted in 54 countries. It appears the group seeks out small to medium size businesses in Asia that perform financial transfers to suppliers. By targeting non-Asian speakers, the grammatical atrocities of the phishing emails are also less noticeable, which can be tipoffs to a scam.

The exploit kit will install the HawkEye or KeyBase keyloggers, which collect authentication credentials for email accounts. The scammers then watch those accounts, monitoring correspondence between businesses and suppliers, looking for an opportune moment to inject themselves into a transaction.

"Once the scammers identify an interesting victim, they log into the victims accounts using the stolen credentials and study the different transactions in which the victims are involved," FireEye wrote.

If a pending transaction looks promising, the group creates a similar email address as to the victim, copying the email thread between the two parties to make it look legitimate. The scammers then pressure one party to accept different bank account details, diverting money to their own accounts.

The scammers then use a network of mules to accept the payments into their own accounts and forward it on.

Some operations have been very lucrative successes. FireEye included emails from one scammer to a money mule partner in Indonesia alerting that $900,000 and €300,000 would be transferred to an account soon.

"With this single transaction, the scammer is slated to collect over $1 million," FireEye wrote. "We believe that they launder their money through a few strategies such as buying gold and luxury items, or mixing the money they have obtained through these scams with money collected legitimately."

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags securityFireEyefraud

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Father’s Day Gift Guide

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?