According to researchers, a massive “sextortion” scam is using more than 450,000 hijacked computers to send 30,000 hostile emails an hour.
It’s always fun to open a threatening letter suggesting I’m a pervert. Wait…what? Welcome to sextortion emails.
Now obviously, we don’t all have things to hide so it only works if the timing is right. But when the timing is spot on, and maybe you have been up to no good, this threat hits home.
The emails threaten to release compromising photographs of the victim unless $800 is paid in Bitcoin.
What makes the emails so effective is that they also contain personal information – such as the recipient’s password – probably collected off the dark web in a data breach, to specifically target more than 27 million potential victims at a rate of 30,000 per hour. While only a small number of targets have fallen for the scam, one analyst said such botnets still offered a great “return on investment” for cyber-criminals.
“A botnet can be used for many, many things,” said Charles Henderson, from IBM’s X-Force Red security team. “This was just one task assigned to it.”
A botnet is a network of computers taken over by hackers using malicious software typically spread through infected web pages or email attachments.
Botnets can carry out attacks spread across a large number of machines, making them harder to disrupt and the attacker’s origins harder to trace.
Security company Check Point said this latest sextortion attack used the Phorpiex botnet, which has been active for more than a decade.
Yaniv Balmas, head researcher at Check Point, said those whose computers – Windows or Mac – had been hijacked would probably not know.
“Attackers are simply using the victims’ computers as vessels,” he said.
Spreading an email campaign across a botnet in this way would reduce the risk of the emails being flagged as spam – though it’s not clear how many were able to reach people’s inboxes.
“The criminals are getting smart enough to use a larger botnet and sending fewer emails per machine,” said Mr Henderson, who was not involved in Check Point’s research but has observed the same botnet in operation.
Researchers suggest using the latest versions of software – particularly web browsers, in this instance – to avoid vulnerability to this attack.
“Save Yourself” is the usual subject line on these emails, with the content stating: “My malware gave me full access to all your accounts (see password above), full control over your computer and it was possible to spy on you over your webcam.”
The threat is not true but the emails do include an authentic password associated with the target’s email address.
“The attacker is saying, ‘Hey, we hacked your computer, we saw you doing this and that, and this proves it. This is your password’,” Mr Balmas said.
Check Point monitored one Bitcoin wallet used to collect funds from the scam and found about 11 bitcoin – almost $100,000 – collected in a five-month period.
“Most people don’t fall for sextortion scams,” Mr Balmas said. “But it’s the rule of big numbers. If I’m sending 100,000 sextortion emails, it’s enough that 100 people fall for the trap. I get my money.”
He said it was likely the same botnet was being used to carry out other, more lucrative attacks, such as the theft of credit card details.
“It’s not somebody doing this from his garage,” Mr Balmas said. “It’s a group of individuals doing this for their day jobs. This is their business.”
Sources:
https://www.bbc.com/news/technology-50065713