Backscatter Spam Attack Used to Deliver Bitcoin Extortion Messages to Eastern Europe


Bitdefender Antispam Lab researchers have been analyzing a wave of extortion messages sent via backscatter spam or “non-delivery report messages” (NDR). Beginning Jan. 4, spammers have been focusing on delivering tens of thousands of messages to recipients in Eastern Europe, including Romania, Hungary and Croatia.

Backscatter spam attacks are the result of malicious actors forging or spoofing the “From” address (using valid e-mail addresses) in a sent email. Once the spam email is assembled, the spammers send the messages to non-existent recipients, tricking the email servers into returning the undeliverable message to the forged e-mail address in the “From” section of the email header.

Backscattering is used to bypass spam filters and get recipients to read a message or access attachments. Most often, an NDR recipient will check the validity of the message before deleting it. The non-delivery report messages generated as a result of this spam campaign contain extortion messages claiming recipients’ devices are infected with malicious software.
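A mail-side check for the mechanism described above, as an added example (not Bitdefender's code): a bounce is treated as genuine only if the message embedded in the NDR carries a Message-ID that our own server issued. `SENT_IDS`, the hosts and the sample report are constructed placeholders, and the sample omits the usual human-readable part for brevity.

```python
from email import message_from_string, policy

# Hypothetical store of Message-IDs our own outbound server really issued.
SENT_IDS = {"<a1b2c3@mail.example.org>"}

# Constructed non-delivery report; every host and address is a placeholder.
SAMPLE_NDR = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Status: 5.1.1
--b1
Content-Type: message/rfc822

From: user@example.org
Message-ID: MSGID

Body of the message that bounced.
--b1--
"""

def original_headers(ndr):
    """Headers of the bounced message embedded in the report, or None."""
    for part in ndr.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return message_from_string(part.get_payload(), policy=policy.default)
    return None

def classify(raw, sent_ids=SENT_IDS):
    msg = message_from_string(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        return "not-a-dsn"
    orig = original_headers(msg)
    if orig is None or not orig["Message-ID"]:
        return "unverifiable"
    known = str(orig["Message-ID"]).strip() in sent_ids
    return "genuine-bounce" if known else "backscatter"
```

Reports classified as `backscatter` or `unverifiable` can be quarantined instead of delivered, so the embedded extortion text never reaches the inbox.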

The extortionists use a classic approach in their attempt to get victims to pay up. They warn recipients that they have access to devices, including webcam, microphone and keyboard, and that they have already harvested personal data, including photos and lewd videos of them watching adult material. The attackers deliver their coup de grâce by announcing their true intentions – they want you to transfer between €1,200 and €1,350 to their Bitcoin account.

“If you still have doubts about my serious intentions, please know that it only takes me a few mouse clicks to distribute this video to all your acquaintances, even relatives or co-workers,” the message reads. “I also have no problem making this video even public. I strongly believe that you do not want something like this, understanding how special those videos are that you watch with so much passion (and I’m sure you are aware of that), everything can turn into a real nightmare for you. Let’s solve the problem like this: All you have to do is transfer €1200 to my account (the equivalent in Bitcoin at the exchange rate at the time of the transfer), and once the transaction is successful, I will immediately delete everything that means naughty materials.”

Recipients in Romania and Croatia are asked to pay 1,200 Euros or 9,000 Croatian Kuna, while victims in Hungary need to dig deeper in their pockets to transfer 1,350 Euros.

An analysis of a small batch of spam samples and cryptocurrency wallets revealed at least three Bitcoin transactions. The latest transaction, from Jan. 7, is associated with a Bitcoin address provided in one of the Hungarian versions of the scam email and shows a balance of $1,490.03.

The spam campaign is ongoing, but our researchers have noticed a drop in received backscatter spam during the last 24 hours.

“The spread and popularity of digital currencies in Eastern Europe have pushed malicious actors into exploiting new hunting grounds, with little consequence,” said Adrian Miron, Bitdefender’s Cyber Threat Intelligence Lab Manager. “The decentralization of cryptocurrency offers excellent opportunities for cybercriminals to launder funds from illicit activities including ransomware attacks and extortion attempts. Since digital threats are no longer bound to particular geographic regions or countries and with no central authority to monitor transactions and crypto activities, threat actors will keep crypto-based extortions under their radar during 2022 and beyond.”

Sextortion scams are highly popular, allowing cybercriminals to capitalize on the fear of having any indecent photos or videos exposed online. The extortionist always says your system is infected in some way and that sexually explicit images were snapped using your webcam or harvested from different files on your device.

We advise recipients of bounce-back emails containing threatening messages not to fall for the attackers’ extortion attempts. Simply ignore and delete the message.

Here at Bitdefender, we focus on keeping your devices protected from new and existing threats of all kinds. We know the importance of autonomy and safety in the digital world, and we want to ensure that your devices are ready to face any malicious or fraudulent attacks heading your way. Take care of your family’s devices for up to 90 days with our extended Bitdefender Total Security trial. If you’re already set up, why not notify a close friend or family member to help them overcome any potential attacks that may lead to severe financial damage?

Stay Safe!