The Phantom Menace - Scammer Targets Oil and Gas Industry With Malware-less Attacks


A scammer has been found stealing the credentials of oil brokers with a malware-less attack dubbed "The Phantom Menace", used to swindle buyers in Germany, Spain and across Asia out of cash, according to a report from PandaLabs.


First, the scammer sends an email containing what appears to be a PDF file but is actually an executable that uses the Adobe Acrobat Reader document icon to trick users.

When executed, it collects the broker's credentials and sends them to the attacker's remote server. The scammer then uses the stolen information to carry out the fraud.
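A defender-side check for the disguised attachment described above, written as an added example rather than code from the PandaLabs report: it compares what an attachment claims to be (its file name and declared content type) against its leading bytes, and flags a Windows executable presented as a PDF or hiding behind a double extension. The sample message, file names and subject line are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Magic bytes that identify the file types this check cares about.
MAGIC = {b"%PDF": "pdf", b"MZ": "exe"}  # PE executables begin with 'MZ'

def sniff(data: bytes) -> str:
    """Return the real file type from the leading bytes, ignoring the name."""
    for sig, kind in MAGIC.items():
        if data.startswith(sig):
            return kind
    return "unknown"

def check_attachment(filename: str, content_type: str, data: bytes) -> dict:
    """Flag an attachment whose bytes contradict how it is presented."""
    name = filename.lower()
    actual = sniff(data)
    reasons = []
    if actual == "exe":
        reasons.append("executable payload")
        if name.endswith(".pdf") or content_type == "application/pdf":
            reasons.append("presented as PDF")
    if ".pdf." in name:  # double extension, e.g. contract.pdf.exe
        reasons.append("double extension")
    return {"filename": filename, "actual": actual,
            "reasons": reasons, "suspicious": bool(reasons)}

def scan_message(raw: bytes) -> list:
    """Parse a raw RFC 822 message and check every attachment in order."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [check_attachment(part.get_filename() or "",
                             part.get_content_type(),
                             part.get_payload(decode=True) or b"")
            for part in msg.iter_attachments()]

def build_sample() -> bytes:
    """Constructed sample message (not from the report): a disguised
    executable and a genuine PDF, both declared as application/pdf."""
    msg = EmailMessage()
    msg["Subject"] = "BLCO offer - contract attached"
    msg.set_content("Please review the attached contract.")
    fake_pe = b"MZ" + b"\x00" * 62  # constructed stand-in for a PE header
    msg.add_attachment(fake_pe, maintype="application", subtype="pdf",
                       filename="contract.pdf.exe")
    msg.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()
```

Run `scan_message(build_sample())` to see the disguised attachment flagged with all three reasons while the genuine PDF passes.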

"In short, the scam works like this: the scammer contacts a broker or middleman and offers them a large amount of BLCO (Bonny Light Crude Oil), one to two million barrels, at a very competitive price," the Panda Labs team says in the report.

Since it is a malware-less attack, no antivirus engine in the world detects it. The reason for this "no threats" result is that the attacker uses a series of legitimate applications, which do not trip antivirus systems, to collect and send the victims' user names and passwords.

Researchers at PandaLabs found over 80,000 text files containing credentials stolen from other firms on the attacker's FTP server.

They traced the information to a person living in Ikeja who owns a goods transport company.

"Even though all the evidence seems to indicate that this is the person responsible for the attack, there is no way for us to prove it. It would require the police to launch an investigation and obtain information about the FTP connections, etc., in order to get the IP address of the person who signed up to the service and find the culprit," the researchers said.
