Arthur East, the originator and organizer of IT Security Day and the founder of the Voluntary Cyber Defense Co-operation, answered our question on how the SMS brings financial gain to its senders.
– This type of attack is based on the perpetrators delivering a pathogen to the victims’ phones. The pathogen collects all the information on the device that may be of interest to hackers. Examples include phonebook data, call data, and all other sensitive information. It then sends the collected information to the hackers’ server via an encrypted channel. However, this server is constantly changing, as hackers actively monitor how law enforcement agencies try to map their activities, and partly in line with this, and partly through the software itself, it automatically publishes the captured information to new and new servers.
With this information, hackers look for additional victims by cleverly matching the phone numbers already in their database with the phone numbers obtained from the victims’ devices. They also look for all kinds of personal information, possibly banking information, that they can misuse later. An additional feature of a malicious device running on a mobile phone is that it returns a fake page instead of the real banking page instead of the banking application opened on the phone and asks for all the data that the perpetrators need. Presumably, however, the solution also works in such a way that the victim does not open the banking page on his/her mobile phone.
I met a victim who hacked his bank details on a separate computer and then, when he received the second factor confirmation SMS from the bank, the attackers were able to take control of the bank account and transfer millions of items to another bank account.
The purpose of hackers is, on the one hand, phishing, gathering information, and, on the other hand, stealing and transferring victims’ money to another address. As this is a very complex form of attack, I have to say that in some cases the attackers go down to a depth not seen before in civilian casualties and only in the business market – they are closer to targeted attacks.
An earlier variant of the same pathogen took roughly 60,000 victims in Spain at the end of December, and after a few months of investigation only one group of perpetrators could be arrested by the authorities, so unfortunately this form of cybercrime seems to be quite effective.
The variant seen in December was probably used only by its developer or a group of developers; colleagues did not see any trace of the pathogen being sold on the internet or otherwise disseminated.
There is a theory that the same attackers were now looking for new target countries, but nor can it be ruled out that it was also offered to a limited extent to other hacker groups. We have now come across several versions of the scam: in addition to the parcel version, there has also been a more phishing version that promises a telephone prize, but it cannot be said with certainty that it belongs to the same strain of the pathogen. In any case, it uses the same “your package came” cliché.
It is important that the pathogen is only effective if the recipient downloads the app and then installs it, so you have to make several mistakes to finally be effective from the attackers’ point of view, but unfortunately during the Easter and pandemic period, a lot of people tend to click on anything to get, say, an expected package. Unfortunately, this is a very successful and effective campaign, and if we look at the technology used – especially the sophisticated connection to the central server and the different technologies used in the device – the developers probably put a lot of work into building the application.
Whether this pays off for cybercriminals is, of course, not yet known at this stage, as there are currently no specific, available data on the number of victims, but I think we can basically speak of a financially successful cyber attack – from the hackers’ point of view.