Chronicle Of Nigerian Internet Fraudster “Yahoo Boy” Pursuing His Million Dollar Dream

Cybercrime is one of the most lucrative illegal activities in Nigeria. Press releases from the Nigerian anti-graft commission, EFCC, were usually centred on the arrest of a cybercriminal or group.

In August 2019, 77 Nigerians were among 80 suspects involved in cybercrimes dubbed by the United States prosecutors as one of the “largest cases of its kind in US history”.

In September, the FBI, in collaboration with law enforcement agencies in 10 countries, clamped down on 281 internet fraudsters. Of those arrested, 167 were from Nigeria.

In a recent development, a cybersecurity firm, Check Point Research, headquartered in Israel, has revealed how a suspected Nigerian cybercriminal under the moniker “Bill Henry” has been targeting hundreds of thousands of unaware people.

The Nigerian, whose real name was redacted by the firm and who is instead referred to as Dton, was described thus: “He believes in professionalism, hard work and excellence. He’s a leader, a content creator, an entrepreneur and an innovator; an accomplished business administrator; a renaissance man who is adored by his colleagues. Even his primary school teacher is willing to sing his praises on a phone call’s notice.”

Judging from the blurred details on his curriculum vitae (CV) obtained by the security firm, the male suspect’s name may have been Darlington, an indigene of Edo State and a graduate of the College of Education Ekiadolor, Edo State.

Internet fraudster
PHOTO: Check Point Research

Although Dton appears to be a typical professional Nigerian, he lives a double life. During the day, he is a business administrator in search of a better life through legitimate means, but at night he is Bill Henry, a name not typical of any Nigerian-born person.

– How Dton (Bill Henry) operates his Cybercrime business –

The researcher who tracked down the Nigerian internet fraudster discovered that his first port of call is a Ferrum shop, where he purchases stolen credit card credentials.

This kind of online store offers a dumps service, selling card dumps. According to Investopedia, a credit card dump is an unauthorized digital copy of the information contained in the magnetic strip of an active credit card, such as the card number and expiration date. The information can then be used to create a fake credit card to make purchases.

Between 2013 and 2020, Dton regularly visited this site, and one specific account he usually used purchased about 1,000 credit card credentials for over $13,000. He purchased each for about $4 or $16.

credit card shop
PHOTO: Check Point Research

With every card Dton buys, he tries to make a transaction worth N200,000; if the transaction fails, he tries it with another merchant before giving up. He then repeats his strategy and purchases another card from the site.

His successful transactions have cost the original card owners more than $100,000, or several times that.

Internet fraudster
PHOTO: Check Point Research

– Why sell for less –

In case you are wondering whether the people who sell these credit cards for a few bucks must be a set of fools, you may be right, but not entirely. Making payments with stolen credit cards is a risky venture and requires a set of skills to avoid being traced, and that is what people like Dton possess.

– Change of vendor –

Since not all the cards purchased by this fraudster generated the expected returns, he got frustrated. He is not the type interested in speculation.

Dton decided to harvest credit cards himself. He began to buy “leads”, the email addresses of potential victims, in bulk. This is one reason Nigerians need to be cautious of platforms and websites where they provide their email addresses or enter their card details.

PHOTO: Check Point Research

These emails are just a means to an end and not the end itself. Dton is not a coder, so he purchased different software tools, including packers and crypters, infostealers and keyloggers, exploits and remote VMs.

For malware, he purchased AspireLogger, NanoCore, OriginLogger and other VM software that Windows Defender on a PC will alert users about.

This software is used as a RAT (Remote Administration Tool), which allows another person to initiate or track actions on someone else’s computer or device from anywhere.

These tools can monitor your login details and extract personal information from your devices, such as card details, contacts, login details and much more.

“On these machines, he would take his hand-picked malicious binaries and run them through packers:”

PHOTO: Check Point Research

Dton needs bait to make victims give him access to their devices, so he embeds his malicious binaries in an appealing document:

PHOTO: Check Point Research

He then sends the document to the bulk email addresses he has purchased.

PHOTO: Check Point Research

– Virtual machines vs cybercrime tools –

Virtual machines (VMs) are operating systems designed to run inside other operating systems. This means that where two machines would be expected to exist, only one physical machine does. The second machine, in this case controlled by people like Dton, communicates with the server normally, just as a physical machine would. This is where and how Dton is able to extract the information he needs from users’ personal computers.

Sorry! Victims who clicked the link provided in the email have already given out vital information about themselves, notably their credit card details.

PHOTO: Check Point Research

A happy Dton does not hesitate to share his excitement with friends.

PHOTO: Check Point Research

Everything comes at a price. Since Dton is not a coder, he relies on suppliers of malware tools. Sometimes, according to the Israeli cybersecurity firm, Dton’s tool suppliers demand more for their services.

PHOTO: Check Point Research

– Dton’s venture capitalist –

The tools used by Dton are not cheap. As can be seen in the screenshot above, the tool seller is requesting $800 for his service.

Dton has someone who bankrolls him. It is suspected that this person also has someone who sponsors him or her, and so the chain continues.

The sponsor acts as an investor and expects a return on investment. When business is bad, the manager is not happy.

PHOTO: Check Point Research

– Novel CoronaRAT –

Dton has a big vision and will not settle for less. He looks for a way to build his own malware (a RAT) and spread it across different computers, just like the pandemic virus, COVID-19 (coronavirus). Since it is new, no anti-virus or anti-malware product is aware of it yet, so it passes easily.

He got someone.

PHOTO: Check Point Research

The deal commenced.

PHOTO: Check Point Research

RATs&exploits also offers personal one-on-one technical support and hands-on demonstrations of how to use the RAT. In the screenshot below, he explains how “Azorult” works:

PHOTO: Check Point Research

The new RAT works perfectly.

RATs&exploits’ support and loyalty are unwavering.

Let us repeat that: Dton, whose business model is infecting many innocent victims with RATs, and whose work is subject to strict surveillance by infecting his own machine with a RAT, commissioned a malware developer to write a personalized RAT for him and then had that developer’s machine compromised with a RAT. There is a decent chance that your brain just got infected with a RAT by reading this sentence, Check Point Research stated.

– Growing network of Internet Fraudsters in Nigeria –

In a Chron article chronicling how internet fraudsters operate, a section was dedicated to explaining what the author tagged “The Nigerian Prince” (also known as the 419 scam). This signifies how well known Nigerians now are for internet scam activities.

Also, internet scammers operating from other countries have keyed into Nigeria’s bad reputation for internet scamming and present themselves to victims as being from Nigeria.

A Wikipedia article explaining the 419 scam (a.k.a. advance-fee scam, The Nigerian Prince) noted: “While Nigeria is most often the nation referred to in these scams, they originate in other nations as well. In 2006, 61% of internet criminals were traced to locations in the United States, while 16% were traced to the United Kingdom, and 6% to Nigeria. Other nations known to have a high incidence of advance-fee fraud include: Ivory Coast, Togo, South Africa, the Netherlands, Spain, Poland and Jamaica.”

– Nigeria 7th most targeted with malware –

A Kaspersky survey of its users revealed that Nigerians’ mobile phones are the seventh most targeted by mobile malware.

– How to protect yourself –

A United States cybersecurity firm, Proofpoint, noted that these fraudsters are now refining “their use of social engineering, relying on human interaction rather than automated exploits to install malware, initiate fraudulent transactions, steal data, and engage in other malicious activities.”

Ninety-nine per cent of the time, these attacks rely on you, the device owner, to click a link or open an attachment. Be cautious about opening emails in your spam folder or emails with content that looks too good to be true.

When you notice a potential scammer’s email, flag it as spam and delete it without trying to check out the embedded link or document.

Also, be cautious of the permission you give apps on your phone.

Lanre News | Latest News in Nigeria | Africa | Around the World.
