Phone Malware Recording You

UPDATED BELOW 10/25/18:
We’ve just heard from a TDS reader (9/1/18) who received the email below.  It is unlike anything we’ve seen before but we know for certain it is a scam and was likely sent to thousands of email addresses at random.

The sender informs the recipient, whose phone number ends in “54” that he has tricked the phone owner into installing malware on the phone.  With that malware, the scammer says he has recorded “private videos” that he will publish if you don’t contact him and pay him money within 48 hours.  We know this is a scam because the TDS reader who sent this to us doesn’t have a phone number ending in 54.

Notice that the email came from an address based in Japan (.jp = 2-letter country code for Japan).  Yet, the recipient is asked to reply to an email address associated with the domain service456[.]club.  A WHOIS lookup of this domain shows that it was registered two days earlier (8/30/2018) through a private proxy service in Panama.

Don’t believe this nonsense!  It is a bluff, similar to the sextortion bluff we described in our article “Sextortion by Email.”

==========================================================

UPDATED 10/14/18:
We were contacted on October 12 by a woman we will call “Andrea.”  Andrea received the following two emails ten minutes apart.  One of the things that bothered Andrea is that both emails were spoofed to appear as though they came from Andrea’s own email address.  That isn’t difficult for criminals to do.  Both emails are complete lies.  Andrea’s computer was not hacked and isn’t recording her.  Also, based on the subtle language clues, we suspect scammers in Africa…

From: [REDACTED]
Sent: 10/12/2018 5:43:01 PM
To: [REDACTED]
Subject: [EMAIL REDACTED] was hacked

Hello andrea@

My nickname in darknet is ephram28.

I’ll begin by saying that I hacked this mailbox (please look on ‘from’ in your header) more than six months ago, through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

Even if you changed the password after that – it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $500 is quite a fair price to destroy the dirt I created.

Send the above amount on my bitcoin wallet: 1MN7A7QqQaAVoxV4zdjdrnEHXmjhzc Q4Bq
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I’ll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours!
After your reading this message, I’ll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don’t enter your passwords anywhere!
Good luck!

FOLLOWED BY…

From: [REDACTED]
Sent: 10/12/2018 5:53:55 PM
To: [REDACTED]
Subject: [EMAIL REDACTED] was hacked

Hello andrea@

My nickname in darknet is earlie19.
I’ll begin by saying that I hacked this mailbox (please look on ‘from’ in your header) more than six months ago, through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

Even if you changed the password after that – it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching. Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $500 is quite a fair price to destroy the dirt I created.

Send the above amount on my bitcoin wallet: 1MN7A7QqQaAVoxV4zdjdrnEHXmjhzc Q4Bq
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I’ll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours!
After your reading this message, I’ll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don’t enter your passwords anywhere!
Good luck!

==========================================================

UPDATED 10/25/18:
On October 24 we heard from two more people who received scam emails nearly identical to those above.  In the second email below, the scammer made the email appear to come FROM the email address he sent the email to.  Also, the criminal CORRECTLY identified the recipient’s password!  It was the very simple sequence “757575.”  How did the scammer do that?  It’s easy!  Many users’ passwords and email addresses have been hacked over the years from dozens of online services such as Yahoo and Adobe.  You can actually visit the website called HaveIBeenPwned.com to see if your email address has been found on the Dark Web along with password information.  The scammer simply gathered up known passwords and email addresses from other hacks that are posted online and then sent these bogus emails!

Hello!

My nickname in darknet is des53.
I hacked this mailbox more than six months ago. Through it I infected your
operating system with a virus (trojan) created by me and have been
monitoring you for a long time.

Even if you changed the password after that – it does not matter, my virus
intercepted all the caching data on your computer
and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing
history.
Accordingly, I have the data of all your contacts, files from your computer,
photos and videos.

I was most struck by the adult sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the
camera of your device, synchronizing with what you are watching.
Oh my god! You were so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $880 is quite a fair price
to destroy the dirt I created.

Send the above amount to my Bitcoin wallet:
321DuawT7hhUvnUfEeawgDidQhCsCK8swD

As soon as the above amount is received, I guarantee that the data will be
deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your
contacts from your device.
Also, I’ll send to everyone your contact access to your email and access
logs, which I have carefully saved.

Since reading this letter you have 48 hours!
After your reading this message, I’ll receive an automatic notification that
you have seen the letter.

I hope I taught you a good lesson.
Visit safe websites only, and don’t enter your passwords anywhere!

Good luck!

AND ALSO:

From: [EMAIL REDACTED]
Subject: [EMAIL REDACTED] is hacked
Date: October 19, 2018 at 5:25:56 PM EDT
To: “757575” [EMAIL REDACTED]

Hello!

My nickname in darknet is mead85.
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

So, your password from steves@maltzsales.com is 757575

Even if you changed the password after that – it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $858 is quite a fair price to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): 1FHPbKHcSx9CaXJzDpLoXG733ipQ77 UNx9
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I’ll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours!
After your reading this message, I’ll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don’t enter your passwords anywhere!
Good luck!
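
The emails quoted on this page share a few machine-checkable traits: a From address identical to the To address, a Bitcoin address, a dollar demand and an hour deadline. The triage sketch below is an added example, not part of the original article; both sample messages are constructed, and it assumes the receiving mail server stamps an `Authentication-Results` header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy Base58 address shape only
DEADLINE_RE = re.compile(r"\b\d{1,3}\s*hours\b", re.I)
DEMAND_RE = re.compile(r"\$\s?\d{2,5}\b")
AUTH_FAIL_RE = re.compile(r"\b(?:spf|dkim|dmarc)=(?:fail|softfail)\b", re.I)
# Constructed sample modelled on the template quoted on this page; every value is made up.
SCAM = """\
From: user@example.org
To: user@example.org
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=sender.example; dkim=none

I think that $500 is quite a fair price to destroy the dirt I created.
Send the above amount on my bitcoin wallet: 1FakeAddrForTestingXXXXXXXXXXXX
Since reading this letter you have 48 hours!
"""

# Constructed benign control: a note the user mailed to themselves.
NOTE = """\
From: user@example.org
To: user@example.org
Authentication-Results: mx.example.org; spf=pass; dkim=pass

Renew the domain within 48 hours.
"""

def bluff_signals(raw):
    """Return the set of campaign signals present in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = "\n".join(p.get_payload(decode=True).decode(errors="replace")
                     for p in msg.walk() if not p.is_multipart())
    sender, rcpt = (parseaddr(msg.get(h, ""))[1].lower() for h in ("From", "To"))
    auth = " ".join(msg.get_all("Authentication-Results", []))
    checks = {
        "from_equals_to": bool(sender) and sender == rcpt,
        "auth_fail": bool(AUTH_FAIL_RE.search(auth)),
        "btc_address": bool(BTC_RE.search(body)),
        "deadline": bool(DEADLINE_RE.search(body)),
        "dollar_demand": bool(DEMAND_RE.search(body)),
    }
    return {name for name, hit in checks.items() if hit}

def is_likely_bluff(raw):
    # Payment demand plus a forged-sender indicator; wording alone is not enough.
    s = bluff_signals(raw)
    pay = "btc_address" in s and bool(s & {"deadline", "dollar_demand"})
    return pay and bool(s & {"from_equals_to", "auth_fail"})
```

The self-addressed note shows why the From/To match is only a supporting signal: it is flagged `from_equals_to` and `deadline` but is not classified as a bluff because it carries no payment demand.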