Severity
Medium
Analysis Summary
Sextortion scammers have started to use new tactics to bypass spam filters and secure email gateways so that their scam emails reach their intended recipients. Sextortion scams are emails in which attackers claim to have hacked the recipient's PC and installed malware that monitored their browsing and recorded them through their webcam while they visited adult sites. The attacker then threatens to send that video to all of the victim's contacts to ruin their social reputation unless an extortion demand in bitcoin is paid.
While typical sextortion emails are caught by email gateways, attackers have started using new tactics to get past these filters, such as writing the email in a foreign language and splitting the bitcoin address into two parts. The email below was sent to English speakers in Russian; the only English text in it is the instruction to “Use google translator.”
Upon translation, the following content was found:
The last time you visited a po**ographic website with young teens, you downloaded and installed automatically spy software that I created. My program turned on your camera and recorded the act of your indignation and the video that you observed during the indignation. I also received your contact lists, phone numbers, emails, contacts on social networks. I have a nasty video file g_c.mp4 of you and a file with all your contacts on my hard drive. If you want me to delete both files and keep your secret, you must pass me the bitcoin agent. I give you 72 hours to transfer funds.
Amount: 0.14 bit coins (approximately)
Part 1 Bit Coins: 3Bv9QgEw15QQo1T
Part 2 bit addresses: EUVW4hbBkkd2fEtFfPP
Important: You must connect the two parts (part 1 of the bit-coin address + part 2 of the address of the bit-coin) without spaces between them. You can also save this somewhere so as not to lose the details.
Quick tip! You can buy Bit-Coin from Paxful. Use Google to find it.
The next time you close your cameras, someone can watch this! Limit yourself once a month if you cannot completely switch to NoFap.
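A defender-side triage check for the two evasion tactics described in this alert (a foreign-language body carrying an English translation hint, and a bitcoin address split across two lines) is shown below. It is an added example for this page, not code from Rewterz or from the original post, and it assumes only the Python standard library. The sample email is constructed: a Cyrillic opener stands in for the Russian original, and the amount and address lines are taken from the alert's translated text. The fragment regex keys on a colon followed by a Base58 run rather than on the English word "Part", so it does not depend on the label language; the Base58Check validation generalises beyond this case and accepts any legacy (P2PKH/P2SH) address with a correct checksum.

```python
import hashlib
import re

# Base58 alphabet used by legacy Bitcoin addresses: no 0, O, I or l.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B58 = r"[1-9A-HJ-NP-Za-km-z]"
# A complete legacy address: leading '1' or '3', 26-35 characters in total.
# This is what a naive filter looks for, and what the split defeats.
ADDRESS_RE = re.compile(r"\b[13]" + B58 + r"{25,34}\b")
# A Base58 run (8-34 chars) that is the only thing after a colon on its line,
# whatever the label before the colon says (English "Part 1", Russian, etc.).
FRAGMENT_RE = re.compile(r":\s*(" + B58 + r"{8,34})\s*$", re.MULTILINE)
TRANSLATOR_RE = re.compile(r"use google translat", re.IGNORECASE)
CYRILLIC_RE = re.compile(r"[\u0400-\u04FF]")
# Terms that recur in sextortion demands; used only as supporting evidence.
KEYWORDS = ("bitcoin", "bit coin", "bit-coin", "webcam", "camera", "video", "contacts", "72 hours")


def base58check_valid(addr):
    """True if addr decodes to 25 bytes whose last 4 bytes are the double-SHA256 checksum."""
    n = 0
    for ch in addr:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:           # character outside the alphabet: cannot be an address
            return False
        n = n * 58 + idx
    try:
        raw = n.to_bytes(25, "big")   # leading '1's become leading 0x00 bytes
    except OverflowError:
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()
    return digest[:4] == raw[21:]


def analyse(text):
    """Return the indicators a mail filter could act on for one message body."""
    direct = ADDRESS_RE.findall(text)
    fragments = FRAGMENT_RE.findall(text)
    # Join each pair of consecutive fragments in document order and keep the joins
    # that look like a full address; this undoes the "part 1 + part 2" trick.
    reassembled = []
    for first, second in zip(fragments, fragments[1:]):
        candidate = first + second
        if ADDRESS_RE.fullmatch(candidate):
            reassembled.append(candidate)
    letters = [c for c in text if c.isalpha()]
    cyrillic = sum(1 for c in letters if CYRILLIC_RE.match(c))
    lowered = text.lower()
    return {
        "direct_addresses": direct,
        "reassembled_addresses": reassembled,
        "checksum_valid": [a for a in direct + reassembled if base58check_valid(a)],
        "translator_hint": bool(TRANSLATOR_RE.search(text)),
        "non_latin_ratio": round(cyrillic / len(letters), 2) if letters else 0.0,
        "keyword_hits": [k for k in KEYWORDS if k in lowered],
    }


# Constructed sample modelled on the alert: Cyrillic body text (the real email was
# entirely Russian apart from the translator hint), then the amount and address
# lines exactly as they appear in the alert's translated text.
SAMPLE_EMAIL = """\
Здравствуйте. Use google translator.
В последний раз, когда вы посещали сайт для взрослых, вы установили мою программу.
Я получил ваши контакты и видео с вашей камеры.
Amount: 0.14 bit coins (approximately)
Part 1 Bit Coins: 3Bv9QgEw15QQo1T
Part 2 bit addresses: EUVW4hbBkkd2fEtFfPP
Important: You must connect the two parts without spaces between them.
"""

if __name__ == "__main__":
    for key, value in analyse(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

On the sample, the naive address scan finds nothing (each fragment is too short to match), while the reassembly step recovers the 34-character candidate from the two fragments; together with the translator hint and the high share of non-Latin letters in a mailbox that expects English, that is enough for a gateway rule to quarantine the message or at least score it. The checksum result is reported separately rather than used as a gate, since the split pattern itself is the signal and a scammer can just as easily paste a malformed address.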
Impact
- Bypass of Email Gateway
- Financial Fraud
Remediation
- As this is a scam, do not send any payments to the enclosed bitcoin address.
- Mark the email as spam so that the filters can learn from these new tactics and detect them in the future.