17MAY2022 – Gary Warner This week the US Attorney’s Office in the Middle District of Florida announced that Glib Oleksandr Ivanov-Tolpintsev, a 28-year-old hacker from Chernivtsi, Ukraine, would be sentenced to four years in prison for his role as a vendor on the xDedic Marketplace. The court documents don’t actually name xDedic regarding…
News
OTP Bots
INTRODUCTION DarkTower recently identified and has been monitoring the use of OTP bots, available for purchase in high-traffic Telegram fraud Group Chats. FINDINGS DarkTower identified several OTP bots circulating. The bots can be used to circumvent Two-Factor Authentication by sending false requests disguised as legitimate requests. The bots are primarily sold and operated through Telegram. INVESTIGATION OTP…
RedLine Stealer
INTRODUCTION A list of RedLine Stealer configurations was found on 19SEP2021 on Twitter, showing hashes, C2_proxy, and the encryption key. RedLine Stealer is a MaaS (Malware as a Service) found in forums and markets for sale. FINDINGS RedLine Stealer was first seen in 2020 and currently has active subscribers. RedLine Stealer is being sold as…
Fraud Indicator: Dot Variant Email Aliases
INTRODUCTION AND RECOMMENDATION On 14MAY2021, Abidemi Rufai, a pandemic unemployment scammer from Lekki, Nigeria, was arrested at JFK airport as he attempted to leave the country. In the DOJ press release about the event we learned that he had “used variations of a single e-mail address in a manner intended to evade automatic detection by…
