Phisher-On-Phisher Crime Surfaces Via Trojaned Auto-Whaler Tool

Author: Dennis Fisher
minute read

It’s a sad day when attackers turn on each other, cannibalizing one another for cheap thrills and easy profits. But that’s the situation now, as phishers have begun going after the weakest among their kind: the lazy, unmotivated wannabe phisher with no skills.

It’s a sad day when attackers turn on each other, cannibalizing one another for cheap thrills and easy profits. But that’s the situation now, as phishers have begun going after the weakest among their kind: the lazy, unmotivated wannabe phisher with no skills.

Researchers at GFI Labs have stumbled upon a new tool that’s designed to automatically locate the sites where phishers store the login credentials that they’ve pilfered, and then steal them. Known as an auto-whaler, this kind of tool isn’t new in and of itself, but the one that GFI discovered–666 auto-whaler–has some extra special functionality: it’s Trojaned.

So for the couch-bound would-be phisher who is trying to find the easy path to infamy and fortune, what he gets instead is a Trojaned tool that is designed to steal passwords. Attackers going after one another is not a remotely new phenomenon; it’s been going on for years with DDoS attacks flying back and forth between rival crews and hackers stealing one another’s tools.

But phishers, being fairly low on the hierarchy of the criminal underground, apparently are just getting around to the point of going after each other. In this case, the 666 auto-whaler drops a file in the victim’s temp folder called CryptedFile.exe, which turns out to be a password-stealing Trojan called Fignotok.

“Step up to the plate, Trojan-PWS.Win32.Fignotok.A (v) – a known password
stealer that generally likes to dabble in everything from gaming
account logins to Instant Messaging and more besides,” GFI’s Christopher Boyd wrote in an analysis of the attack. “Now, there may well be a legitimate version of this [666 auto-whaler] tool floating around out there. However, this thing that I have before me? I believe the phrase I’m looking for is ‘Lol, nope’.

“Password stealer creators targeting Whalers going after Phishers may sound
like a humorously confusing mess of bad people hitting each other in
the face with bricks – and don’t think I haven’t thought about it – but
the gag quickly evaporates once Little Jimmy loses five sets of credit
card details to the void.”

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business

Topics

Show all

Authors

Threatpost

InfoSec Insider

Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Content

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.