OTP Bots

INTRODUCTION DarkTower recently identified and has been monitoring the use of OTP bots, available for purchase in high-traffic Telegram fraud Group Chats. FINDINGS DarkTower identified several OTP bots circulating. The bots can be used to circumvent Two-Factor Authentication by sending false requests disguised as legitimate requests. The bots are primarily sold and operated through Telegram. INVESTIGATION OTP…

RedLine Stealer

INTRODUCTION A list of RedLine Stealer configurations was found on Twitter on 19SEP2021, showing hashes, C2_proxy, and the encryption key. RedLine Stealer is a MaaS (Malware as a Service) offered for sale on forums and markets. FINDINGS RedLine Stealer was first seen in 2020 and currently has active subscribers. RedLine Stealer is being sold as…

Fraud Indicator: Dot Variant Email Aliases

INTRODUCTION AND RECOMMENDATION On 14MAY2021, Abidemi Rufai, a pandemic unemployment scammer from Lekki, Nigeria, was arrested at JFK airport as he attempted to leave the country. From the DOJ press release about the event, we learned that he had “used variations of a single e-mail address in a manner intended to evade automatic detection by…