
In a newly published report, cybersecurity firm Check Point Research traced the digital trail of a Nigerian cybercriminal who went by the alias "Dton" and, under the name "Bill Henry", targeted hundreds of thousands of people with malicious emails carrying custom malware.

Dton started out by buying stolen credit card details from Ferrum Shop, an online marketplace that sells over 2.5 million stolen credentials, and charged each card roughly $550, racking up over $100,000 in fraudulent transactions.

"During 2013-2020, he regularly logged into an account that has been used for over $13,000 worth of transactions in stolen credit card credentials," Check Point reports. The researchers subsequently found that Dton's cybercrime monetization no longer depended on buying stolen credit cards.

Instead, he began harvesting that data himself: he bought bulk email lists of new victims and malicious tooling, including keyloggers, remote access trojans such as NanoCore, and AZORult, an information-stealing malware family that harvests credentials and installs additional malware.

In the next stage, Dton set up a RAT-spamming operation: custom malware is disguised as innocuous email attachments and sent to every address on his lists to harvest user credentials without the recipients' knowledge. "Dton has been active in Benin City, a city in southern Nigeria with a population of over 1.5 million, for more than seven years," researchers told the Hackers Review. "His main concern was the procurement of commercial malicious tools: packers and crypters, keyloggers and infostealers, vulnerabilities and remote VMs."

Dton now disguises his custom malware as everyday email attachments, mails it to each address on his lists and collects user credentials without the mailbox owners' knowledge.
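The delivery tactic described above, a packed RAT or infostealer hidden inside an everyday-looking attachment and blasted at a purchased address list, is something a mail gateway or triage script can catch before the user ever double-clicks. The following is an added example, not code from Check Point's report or from the article: it parses a raw email with Python's standard library and flags attachments whose declared name or type looks harmless but whose bytes say otherwise (a PE "MZ" header, a double extension such as .pdf.exe, a script/executable extension, or a right-to-left override character in the filename). The sample messages, filenames, sender addresses and the fake PE stub are all constructed for the demo; none of them are indicators from the report.

```python
"""
Added example: triage of disguised executable attachments in email.
Not from the Check Point report; all sample data below is constructed.
"""
import email
from email import policy
from email.message import EmailMessage

# Extensions that should not arrive as an "invoice" or "document" in a normal
# business mailbox. Constructed list for the example; tune it to your estate.
EXEC_EXTENSIONS = {
    ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".jse",
    ".wsf", ".hta", ".ps1", ".jar", ".msi", ".cpl", ".lnk", ".iso", ".img",
}
# Extensions users are trained to trust; used to spot double extensions.
BENIGN_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def attachment_findings(filename, payload):
    """Return the reasons (possibly none) an attachment looks like disguised malware."""
    reasons = []
    original = filename or ""
    name = original.lower()
    exts = ["." + p for p in name.split(".")[1:]]  # invoice.pdf.exe -> ['.pdf', '.exe']
    last = exts[-1] if exts else ""
    if last in EXEC_EXTENSIONS:
        reasons.append(f"executable/script extension {last}")
    if len(exts) >= 2 and exts[-2] in BENIGN_EXTENSIONS and last in EXEC_EXTENSIONS:
        reasons.append("double extension hides an executable behind a document type")
    # A Windows PE image always starts with the DOS 'MZ' stub, whatever the name says.
    if payload[:2] == b"MZ" and last not in EXEC_EXTENSIONS:
        reasons.append(f"PE header (MZ) inside a file named {original!r}")
    # U+202E (right-to-left override) makes 'exe' render as part of a benign name.
    if "\u202e" in original:
        reasons.append("right-to-left override character in filename")
    return reasons


def scan_message(raw_bytes):
    """Parse a raw RFC 822 message and return {attachment_name: [reasons]} for suspicious parts."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        reasons = attachment_findings(name, payload)
        if reasons:
            findings[name] = reasons
    return findings


def _build_sample(filename, payload, maintype="application", subtype="octet-stream"):
    """Construct a demo message carrying one attachment (constructed data, not a real lure)."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"   # placeholder sender
    msg["To"] = "recipient@example.invalid"   # placeholder recipient
    msg["Subject"] = "Invoice for your review"
    msg.set_content("Please find the attached invoice.")
    msg.add_attachment(payload, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


# Fake PE stub: a real lure would carry a packed RAT; only the header matters here.
FAKE_PE = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode."

SAMPLES = {
    "double_ext": _build_sample("Invoice_2020.pdf.exe", FAKE_PE),
    "mz_in_pdf": _build_sample("Invoice_2020.pdf", FAKE_PE, "application", "pdf"),
    "clean_pdf": _build_sample("Invoice_2020.pdf", b"%PDF-1.4 demo", "application", "pdf"),
}


def triage_all():
    """Run the scan over the constructed samples; returns {sample_label: findings}."""
    return {label: scan_message(raw) for label, raw in SAMPLES.items()}


if __name__ == "__main__":
    for label, hits in triage_all().items():
        print(label, "->", hits or "no findings")
```

The check deliberately looks at the bytes rather than trusting the declared MIME type or extension, because a crypter's whole job is to make the file look like something else; extending it with a magic-byte table for archives, ISO images and Office documents with macros is the natural next step.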

When business with someone goes well, Dton infects them with a RAT anyway, in case it proves useful later; when business with someone goes badly, Dton settles the dispute by reporting them to Interpol.

It is not surprising that bad actors keep finding ways to gain remote access to the information on users' devices. By combining sophisticated social engineering with information gathered on the target from other sources, such attacks have proven an effective way to bypass security barriers.
