A classic fake extortion scheme has been taking place in Brazil, in which one or more criminals send the same message via email to multiple people, claiming to have infected their devices and acquired personal and sensitive information in the process. They then blackmail victims into paying a certain amount in bitcoin (BTC) so that alleged intimate videos and images are not leaked onto the internet and sent to friends and family.
The Bitcoin Abuse Database, a platform that compiles blockchain addresses related to ransomware, fraud and scams, indicates that at least three digital wallets are linked to the latest extortion scheme in Brazil. Techblog found that these addresses have already received a total of 16 transfers, accumulating 0.0779 BTC, an amount equivalent to approximately R$ 15 thousand at the exchange rate at the time of this publication.
The addresses of the reported bitcoin wallets are:
The first reports involving this scam surfaced on July 17, with new reports appearing daily since then. According to multiple people who commented on the Bitcoin Abuse Database, this is a classic extortion case. Emails are sent from multiple addresses, for example [email protected], and their content is identical across all senders, indicating a likely automated sending system.
However, the body of the email can be convincing to many people. “Hello, I have bad news for you!!! A few months ago I managed to infect all of their devices, and since then I’ve monitored all their Internet activity”, says the personalized message with some target data, such as name and email.
Email details alleged hacking process
The scammer describes his supposed intrusion in considerable detail, using steps that sound believable to a layperson. “I bought some credentials (logins and passwords) from e-mail accounts through hackers (nowadays, it’s quite simple and cheap on the Deep Web). So, in a few weeks monitoring your data, I was able to successfully install my polymorphic virus, totally undetectable, on all operating systems of all devices that you use to access your email account”, continues the text.
The criminal goes further, saying that “it was not difficult” to carry out the intrusion and that his supposed virus grants access to all controls of the target’s devices, such as the microphone, front or rear video camera, keyboard and touchscreen. The described structure would be similar to a ransomware attack, in which the scammer would be mainly collecting pornography access data and secretly recording intimate moments.
Scam demands between BRL 1,500 and BRL 1,600
The text then explains that if the target does not pay an amount in BTC, ranging from R$1,500 to R$1,600 as indicated in the reports, the content would be sent to family, friends and co-workers and posted on the internet. This would be possible because the scammer would also have collected the target’s entire contact list from social networks, messaging platforms and email.
Finally, the criminal promises to delete the content once the required amount is paid and boldly suggests that the target change their passwords across all platforms, or the same could happen again. There are also instructions not to tell anyone about the extortion and not to call the police, as the scammer would be “watching” all the time.
Reports indicate that hack is fake
However, there is no report of any consequences if payment is not made and no indication that the hacking has actually taken place. Some of the comments on the Bitcoin Abuse Database indicate that this is a scam and that nothing happened when the demands made in the email were ignored.
The level of complexity required for such a large-scale intrusion can be compared to the famous ransomware attacks of the REvil group. That said, the amount demanded and the choice of targets are not compatible with the size of the supposed operation. Even so, at least 16 people were victims of the fraud.