
An interesting way to deliver malware or how “hackers” break into “scammers”

Recently I read an article about finding information in documents uploaded to VKontakte Documents. I started manually entering the keywords "passport" and "scan" and found a whole pile of virus archives (screenshot) intended for people searching for documents with those queries (VirusTotal check results). I decided to check the situation on other resources and found that it is systemic. So I decided to write a short article about it.

It is no secret that to carry out phishing and social engineering attacks you need as much information as possible about the target or the chosen victim. Most often such information is taken from social networks and publicly available sources (as in the example above). Moreover, social networks are also one of the best sources of data for building a fake identity. Who searches for someone else's passport data, and why? There can be many answers, but I would answer like this: "someone who has something illegal in mind" or "someone who needs a fake identity".

Someone else's passport data can also be used to register domains or, for example, to pass the first level of verification in online payment systems, where uploading a passport photo is the first step of identity verification. This means that such "villains", whom I would call "scammers", are of interest to a different audience of "villains", whom I would call "hackers". So some "hacker" hit on the idea of uploading Trojans such as Radmin in order to hack the "scammers" interested in other people's data. And he did not limit himself to VKontakte Documents.

It is also no secret that people often send important information through file-sharing services because it is fast and convenient. Through a file-sharing service you can quickly drop a passport scan to a friend, or even passwords for FTP or websites. People do not worry about the fate of the uploaded files, because they think that only they have the link. Not so! Special parsers have long existed, and are even sold (proof 1), (proof 2), which walk through the ranges of such links on popular file-sharing sites and download everything whose name contains key phrases, for example "passport", "password" and sometimes even "scan" of credit cards.
The "hackers", who are obviously hunting such "scammers", have caught on to this and upload their viruses, made specifically for scammers, to the same file-sharing services, complicating the scheme with a password on the archive (so that online antivirus scanners cannot open it), which is placed in the file name, for example "My passwords (password 123).rar" and so on. In this simple way it turns out that scammers can be caught on their own hook, a kind of reverse phishing. The same file-sharing technique is used by people working with adware affiliate programs that pay for installs of additional software: hundreds of files with different SEO-optimized names of popular software are created and uploaded everywhere possible, and the result is many downloads, many installs, profit. To defeat online antivirus scanners they also use exotic archive formats.
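The lure described above has a recognizable shape: a password-protected archive whose name both carries the bait keyword the parsers search for and hands out the archive password. The following triage script is an added example and is not code from the article; the keyword list, the regular expressions and the sample listing are my own assumptions, written to show how an operator of a file-sharing site (or anyone reviewing a scraped listing) could flag such entries from the file name alone.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Words the lure files are named with so that they surface for the queries the
# parsers search for. The list is an assumption: English plus the Russian
# equivalents, since the article deals with Russian-language services.
LURE_KEYWORDS = ("passport", "password", "scan", "паспорт", "пароль", "скан")

# Archive formats that can be password-protected and therefore hidden from an
# online antivirus scanner.
ARCHIVE_EXT = re.compile(r"\.(?:rar|zip|7z)\s*$", re.IGNORECASE)

# The tell-tale "(password 123)" / "(pass: 123)" / "(пароль 123)" inside the name.
EMBEDDED_PASSWORD = re.compile(
    r"\((?:password|pass|pwd|пароль)\s*[:=]?\s*([^\s()]+)\)", re.IGNORECASE
)


@dataclass
class Verdict:
    filename: str
    archive: bool
    keyword: Optional[str]            # first bait keyword found, if any
    embedded_password: Optional[str]  # password lifted from the name, if any
    lure: bool                        # archive + bait keyword + password in name


def classify(filename: str) -> Verdict:
    """Decide whether a file-sharing entry looks like the reverse-phishing lure."""
    name = filename.strip()
    lowered = name.lower()
    archive = ARCHIVE_EXT.search(name) is not None
    keyword = next((k for k in LURE_KEYWORDS if k in lowered), None)
    match = EMBEDDED_PASSWORD.search(name)
    password = match.group(1) if match else None
    # Someone sharing their own scan with a friend does not write the archive
    # password into the file name; someone who wants strangers to open it does.
    lure = archive and keyword is not None and password is not None
    return Verdict(name, archive, keyword, password, lure)


def triage(listing: List[str]) -> List[Verdict]:
    """Return only the entries that match the lure pattern."""
    return [v for v in map(classify, listing) if v.lure]


# Constructed sample listing (not real uploads), in the style the article describes.
SAMPLE_LISTING = [
    "My passwords (password 123).rar",
    "Скан паспорта (пароль qwerty).zip",
    "passport_scan.jpg",
    "vacation_photos.zip",
    "report.pdf",
]

if __name__ == "__main__":
    for v in map(classify, SAMPLE_LISTING):
        tag = "LURE" if v.lure else "    "
        print(f"{tag} {v.filename!r} keyword={v.keyword} password={v.embedded_password}")
```

Only the two archives that combine a bait keyword with a password in the name are reported; a bare "passport_scan.jpg" is sensitive data but not a lure, and an ordinary archive with no password in its name is left alone. The extracted password is kept in the verdict so that a sandbox can open the archive and scan what the online scanner could not.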

The affected resources have been notified of the problem.

Source: https://habr.com/ru/post/283224/

