CYBER SECURITY: Nigerian 419 Email Scammers Shift To Malware – Worldwide


by: Ajay Vaishnav, India
Internet security firm Palo Alto Network&#8217s latest report reveals how Nigeria-based scammers have transformed from traditional &#8220419&#8221 phishing attacks, wherein these cyber-criminals simply collected credit card details or personal information of individuals, to steal business-critical data from enterprises. The 419 Evolution report, published by the firm&#8217s threat intelligence team, details how Nigeria-based cyber criminals have evolved from common malware campaigns to advanced tools used by sophisticated criminal and espionage groups.

The researchers at the Internet security firm have been tracking a particular criminal operation referred as Silver Spaniel for months. The attack commences with a malicious email attachment. Once clicked, victims inadvertently download malicious tools onto their devices. NetWire, a remote administration tool, is capable of taking over a Windows, Mac OS or Linux system. On the other hand, DataScrambler, makes sure the NetWire program is undetectable by anti-virus products. According to Palo Alto Network, the attackers bought or leased these tools from other hackers on underground hacking forums.

Analyst Comment:
In the past, the main target of Nigerian scammers has been wealthy, unsuspecting individuals. But, the latest trend suggests enterprise security is at risk. Businesses can adopt ways to mitigate threats emanating from Silver Spaniel-style attacks. All suspicious looking email and content must be blocked and inspected. As traditional anti-virus programs and firewalls are ineffective because Silver Spaniel attacks are specifically designed to evade those technologies, it is advised to not open files sent from addresses one does not recognize. Even with trusted contact, one should exercise caution while opening unsolicited files. In addition, Pinkerton recommends following basic precautions against phishing attempts such as protecting identity and financial details; not trusting unreliable content, emails or downloads; auto-updation of softwares, anti-virus and firewall.


Palo Alto Networks, revealed that cyber criminals in Nigeria, have evolved common malware campaigns infiltrating businesses which were not previously their primary targets.
419 Evolution, released a new report, from Unit 42, the team of Palo Alto Networks threat intelligence, which explains how Nigeria-based scammers are now using the tools, which are often deployed by more sophisticated criminal and espionage groups to steal business-critical data from enterprises.
These criminals are infamous for running easily-spotted “419” phishing scams attempting to collect credit card details or the personal information from individuals, but over the past few years they have expanded their skills to, by targeting businesses, and using more advanced techniques.
Researchers, discovered these activities and techniques, a code-named Silver Spaniel, using WildFire, which rapidly analyzes cyber threats in a cloud-based, virtual environment.
Among other techniques, the criminals use Remote Administration Tools (RATs) available through underground forums, including commercial RATs such as NetWire,
providing complete control over infected systems.
Attacks similar to Silver Spaniel in the past may have come from Eastern Europe or a hostile espionage group.
Also, Traditional Antivirus programs and legacy firewalls are ineffective, because Silver Spaniel attacks are designed specifically to evade those technologies.
“These Silver Spaniel malware activities originate in Nigeria and employ tactics, techniques and procedures similar to one another.
The actors don’t show a high level of technical acumen, but represent a growing threat to businesses that have not previously been their primary targets,” said Ryan Olson, Unit 42 Intelligence Director.

About chainsoff.

Intelligence Media Service, Monitors and Analyzes Extremists’ activities, including and not limited to: The Muslim Brotherhood, Kurdish Terrorism, Syrian Politics, Jabhet Al-Nusra, Hezbollah, Cyber Crime, and Taliban activities in Syria. Well known for her deep knowledge on Terrorism. Open Source Exploitation expert in the discovery, collection, and assessment of foreign-based publicly available information, also known as Open Source Intelligence (OSINT), HIMNT
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s