The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) associated with malicious cyber activities linked to Funnull Technology Inc. (Funnull).
Funnull is a Philippines-based company which provides computer infrastructure for thousands of websites associated with cryptocurrency investment fraud (CIF) scams, commonly referred to as “pig butchering,” and other illicit activities. During CIF scams, perpetrators pose as potential romantic partners or friends to gain victims’ trust, who are then convinced to invest in virtual currency. The perpetrators direct their victims to deposit money into what appear to be legitimate investment platforms, such as websites or applications. Ultimately, money sent to these platforms is not invested, and instead goes directly to the scammers. Funnull facilitates these scams by purchasing IP addresses and providing hosting services and other internet infrastructure to groups performing these frauds.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- New Variant of Paradise Ransomware Spreads Through IQY Files
March 18, 2020
Internet Query Files (IQY) were used to deliver a new variant of Paradise ransomware, as reported by Last Line. The said file type has not been associated with this ransomware family before. In the past, IQY files were typically used in other malware campaigns such as the Necurs botnet that distributes IQY files to deliver FlawedAmmy RAT. Bebloh and Ursnif also spreads ...
- APT36 Taps Coronavirus as ‘Golden Opportunity’ to Spread Crimson RAT
March 17, 2020
A Pakistani-linked threat actor, APT36, has been using a decoy health advisory that taps into global panic around the coronavirus pandemic to spread the Crimson RAT. The functionalities of the Crimson RAT include stealing credentials from victims’ browsers, capturing screenshots, collecting anti-virus software information, and listing the running processes, drives and directories from victim machines. The ...
- New Ursnif Campaign Targets Users in Japan
March 17, 2020
Trend Micro researchers detected a new Ursnif campaign targeting users in Japan. The malware is distributed through infected Microsoft Word documents coming from spam emails. Ursnif, also known as Gozi, is an information stealer that collects login credentials from browsers and email applications. It has capabilities for monitoring network traffic, screen capturing, and keylogging. It is ...
- They Come in the Night: Ransomware Deployment Trends
March 16, 2020
Ransomware is a remote, digital shakedown. It is disruptive and expensive, and it affects all kinds of organizations, from cutting edge space technology firms, to the wool industry, to industrial environments. Infections have forced hospitals to turn away patients and law enforcement to drop cases against drug dealers. Ransomware operators have recently begun combining encryption with the threat of data leak and exposure in order ...
- MonitorMinor: vicious stalkerware?
March 16, 2020
What is the usual functionality of stalkerware? The most basic thing is to transmit the victim’s current geolocation. There are many such “stalkers”, since various special web resources are used to display coordinates, and they only contain a few lines of code. Often, their creators use geofencing technology, whereby a notification about the victim’s movements is ...
- Analysis: Abuse of .NET features for compiling malicious programs
March 12, 2020
The .NET framework, a software development framework created by Microsoft and is now a built-in component of Windows, includes components that enable developers to compile and execute C# source code during runtime. This allows programs to update or load modules without having to restart. While the .NET framework is originally intended to help software engineers, cybercriminals ...