Criminals impersonating US Visa Service staff on Skype have infected victims with a RAT (remote access trojan) known as Qarallax.
US bound hopefuls
looking for additional US Visa information may find themselves
talking to cyber criminals who are looking to send them a malicious file.
The fraudulent accounts are very similar in name to the legitimate
agents. Those tired or rushed may not notice the slight difference.
"Please verify the Skype ID of the US Visa Service Desk before adding it... Agents will not instruct you to pay your MRV fee over the phone; we strongly advise you to verify payment instructions on the Bank and Payment options page before paying your MRV Fee. Our call center agents will not engage in a chat conversation via Skype. A chat option is available through a different application on this page."Qarallax RAT consists of master and slave components. The users are responsible in expanding their network of slaves by tricking their victim into running the application. Attackers send the slave element to the victim via Skype. User think that they are getting a necessary document from a legitimate source.
The master program, held by the hacker, connects to the same IP address as the slave program. If the license for the master program is valid, it will then require the user to enter the port number that matches the slave port in order to view the victimized machines.
Hackers may send the infection via email, in addition to Skype.
0 comments:
Post a Comment