Author Topic: Extortion Scam Claims EternalBlue Was Used to Install a Backdoor  (Read 379 times)

Offline javajolt

An extortion scam is being distributed that claims a Remote Access Trojan, or RAT, was installed on your computer using the EternalBlue exploit. The scammers then go on to say that they used the RAT to take videos of you on adult web sites and that you must pay a ransom or they will send it to all of your contacts.

EternalBlue is an exploit allegedly created by the NSA that targets a vulnerability in the SMBv1 protocol. This vulnerability allows attackers to execute commands on a vulnerable computer that can be used to install malware.

The extortion emails being distributed have a subject of "Security Alert. Your account was compromised. Password must be changed" and spin a tale that while visiting a porn site, the EternalBlue exploit was triggered to install a Remote Access Trojan on your computer.

This Trojan was then allegedly used to take videos of you and steal your contacts and passwords. It goes on to say if you do not pay a $600 extortion demand, the attacker will send your video to all of your contacts.


Extortion Email

The reality is that this is just a scam and the senders have not utilized any exploits on your computer, there is no RAT installed, and there are no videos of you while using an adult web site. Any passwords or email addresses listed in the email are simply from data breaches where your account info was publicly disclosed.

While you now know this is a scam, unfortunately not everyone else does and some people actually pay the extortion demand. For example, the bitcoin address associated with the above email has a payment of $600 that someone had sent to the attackers.


Extortion Payment

If you ever receive an extortion email, just remember that while they are scary to receive, they are just a scam. The attackers only know the listed email address and password from a data breach and your computer has not been infected and videos were not created.

With that said, if the email does contain your legitimate password, be sure to change it on any site that currently utilizes it as it has been publicly disclosed to many people.

If you are interested in reading the full extortion email, it is shown below.

Quote
Hi, dear user of xxx.com

We have installed one RAT software into you device
For this moment your email account is hacked too.
I know your password for this account [xxx@xxx.com]: xxx

Changed your password? You're doing great!
But my software recognizes every such action. I'm updating passwords!
I'm always one step ahead....

So... I have downloaded all confidential information from your system and I got some more evidence.
The most interesting moment that I have discovered are videos records where you masturbating.

I posted EternalBlue Exploit modification on porn site, and then you installed my malicious code (trojan) on your operation system.
When you clicked the button Play on porn video, at that moment my trojan was downloaded to your device.
After installation, your front camera shoots video every time you masturbate, in addition, the software is synchronized with the video you choose.

For the moment, the software has harvrested all your contact information from social networks and email addresses.
If you need to erase all of your collected data, send me $600 in BTC (crypto currency).
This is my Bitcoin wallet: 11NT1KhH3aXsRw4LS6PFFrT5fRkdZFmne
You have 48 hours after reading this letter.

After your transaction I will erase all your data.
Otherwise, I will send video with your pranks to all your colleagues and friends!!!

P.S. I'm asking you - not to answer this letter because the sender's address is fake, just to keep me incognito.

And henceforth be more careful!
Please visit only secure sites!
Bye,Bye...

While receiving one of these emails can be anxiety-provoking, always remember that these are just scams and you should not believe anything they state. Instead, just mark it as spam and delete the email.

source
« Last Edit: July 03, 2019, 11:38:40 AM by javajolt »
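
The traits described in the post (the subject line, a Bitcoin address with a dollar demand, a deadline, and claims of installed malware or a known password) can be turned into a mail-triage check. This is an added example, not part of the original post or its source article; the function names, the indicator set, the decision rule and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Indicators drawn from the scam email quoted in the post above.
INDICATORS = {
    "subject": re.compile(r"account was compromised", re.I),
    # Legacy Bitcoin address shape only; the Base58Check checksum is not verified.
    "btc_address": re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b"),
    "payment_demand": re.compile(r"\$\s?\d[\d,]*\s+in\s+BTC", re.I),
    "deadline": re.compile(r"\b\d+\s+hours\b", re.I),
    "malware_claim": re.compile(r"\b(?:RAT software|trojan|EternalBlue)\b", re.I),
    "password_claim": re.compile(r"\bknow your password\b", re.I),
}

def body_text(msg):
    """Concatenate the decoded text/plain parts of a parsed message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def indicators_hit(raw):
    """Return the names of all indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = body_text(msg)
    return {name for name, rx in INDICATORS.items()
            if rx.search(msg.get("Subject", "") if name == "subject" else body)}

def is_extortion_scam(raw):
    """Assumed rule: a payment demand with an address, plus a compromise claim."""
    hits = indicators_hit(raw)
    return {"btc_address", "payment_demand"} <= hits and bool(hits & {"malware_claim", "password_claim"})

# Constructed sample, abridged from the email quoted in the post.
SCAM = """From: sender@example.invalid
Subject: Security Alert. Your account was compromised. Password must be changed

We have installed one RAT software into you device
I know your password for this account [xxx@xxx.com]: xxx
send me $600 in BTC (crypto currency).
This is my Bitcoin wallet: 11NT1KhH3aXsRw4LS6PFFrT5fRkdZFmne
You have 48 hours after reading this letter.
"""
# Constructed benign message that trips only the deadline indicator.
BENIGN = "Subject: Maintenance notice\n\nThe maintenance window lasts 48 hours.\n"

if __name__ == "__main__":
    for label, raw in (("scam", SCAM), ("benign", BENIGN)):
        print(label, is_extortion_scam(raw), sorted(indicators_hit(raw)))
```

Requiring a combination of indicators keeps ordinary mail that merely mentions a deadline or a password change from being flagged.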