Trojan Authors Recruit 'Money Mules' From List Of Stolen Identities - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Trojan Authors Recruit 'Money Mules' From List Of Stolen Identities

While the hackers solicit mules to move money from compromised bank accounts, Monster.com shuts down data cache.

The malware authors behind the Prg Trojan appear to be soliciting their identity theft victims to become 'money mules,' moving stolen money from bank accounts to the hackers' own coffers.

Vikram Thakur, a researcher with Symantec's Security Response team, reported in a blog post that they have discovered templates of e-mails that the Trojan authors are sending out, using their newly acquired collection of stolen identities to target their money mule scam at people looking for jobs.

"The templates all point to the same position," wrote Thakur. "The job is that of a 'Transfer Manager' at an investment company. The job description states that the position would entail facilitating financial transactions made by the clients of the investment company. The e-mail looks very realistic and may convince many that it has been sent from Monster.com or Careerbuilder.com."

While the e-mail says the job doesn't require any experience and offers a $500 sign-on bonus and the ability to work from home, it also notes that it does require people to have an account with Bank of America for wire transactions.

Gunter Ollmann, director of security strategy at IBM's Internet Security Systems, explained that cybercriminals, like hackers and phishers, have been using mules for several years, setting them up to move money out of a compromised bank account and then to transfer it -- possibly even wire it -- to the hacker's overseas account.

"The average life of a mule appears to be fairly short," added Gunter. "People have no idea what a mule actually is so they don't realize they're participating in a money laundering scam. They're being promised that they can work for an hour or two a day and earn thousands a month. They only have to live in the U.S., use this bank, and work from home a few hours a day."

In this particular case, the authors of the Prg Trojan are using the plethora of identities that they've stolen in the last several months to find of potential mules.

In the last few weeks, researchers from SecureWorks found 12 caches with about 100,000 stolen identities -- all stolen via fraudulent ads on Monster.com. And researchers at Symantec found another massive cache -- this one contained about 1.6 million pieces of stolen data, such as names, addresses, mobile phone numbers, and name of employers. The number correlates to data pieces, not 1.6 million victims.

It's still unclear how many stolen identities -- how many victims of identity theft -- the information in that cache represents, according to Dave Cole, director of Symantec's Security Response team.

On Wednesday, Monster Worldwide, parent company of Monster.com, released an advisory saying that it is investigating the impact the Trojan has had on its database.

"Monster has identified and shut down a rogue server that was accessing seeker contact information through unauthorized use of compromised legitimate employer-client log-in credentials," said the advisory. "The information contained on this server was limited to names, addresses, phone numbers, and e-mail addresses. The company is currently analyzing the number of job seeker contacts impacted by this action and will be communicating with those affected as appropriate."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Commentary
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
News
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
Slideshows
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
Register for InformationWeek Newsletters
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll