상세 컨텐츠

본문 제목

"Payment from your account." 제목으로 대량 유포 중인 혹스(Hoax)메일 주의!!

악성코드 분석 리포트

by 알약1 2021. 5. 11. 11:29

본문

안녕하세요. ESRC(시큐리티 대응센터)입니다.

5월 8일 오전 8시부터 국/내외 불특정 다수의 사용자에게 협박성 Hoax 이메일이 유포되고 있어 사용자들의 주의가 필요합니다.

이번에 발견된 메일은 "Payment from your account." 라는 제목으로 전파되었으며, 현재 영문으로 발송이 진행되고 있습니다. 본문의 내용은 이전과 동일하게 해커로부터 이메일 액세스 권한을 구매하고 트로이목마를 설치하여 사용자를 감시 중이라는 문구로 수신자를 협박하는 내용들이 기재되어 있습니다.

 

[그림1] 유포되고 있는 Hoax 메일 화면

 

현재 유포 중인 혹스(Hoax) 메일은 기존에 발견된 한글 혹스 메일의 영문판으로 추측되며 메일 본문의 전체 내용은 아래와 같습니다.

Greetings! I have to share bad news with you. Approximately few months ago I have gained access to your devices, which you use for internet browsing. After that, I have started tracking your internet activities. Here is the sequence of events: Some time ago I have purchased access to email accounts from hackers (nowadays, it is quite simple to purchase such thing online). Obviously, I have easily managed to log in to your email account (*******@******.com). One week later, I have already installed Trojan virus to Operating Systems of all the devices that you use to access your email. In fact, it was not really hard at all (since you were following the links from your inbox emails). All ingenious is simple. =) This software provides me with access to all the controllers of your devices (e.g., your microphone, video camera and keyboard). I have downloaded all your information, data, photos, web browsing history to my servers. I have access to all your messengers, social networks, emails, chat history and contacts list. My virus continuously refreshes the signatures (it is driver-based), and hence remains invisible for antivirus software. Likewise, I guess by now you understand why I have stayed undetected until this letter... While gathering information about you, I have discovered that you are a big fan of adult websites. You really love visiting porn websites and watching exciting videos, while enduring an enormous amount of pleasure. Well, I have managed to record a number of your dirty scenes and montaged a few videos, which show the way you masturbate and reach orgasms. If you have doubts, I can make a few clicks of my mouse and all your videos will be shared to your friends, colleagues and relatives. I have also no issue at all to make them available for public access. I guess, you really don't want that to happen, considering the specificity of the videos you like to watch, (you perfectly know what I mean) it will cause a true catastrophe for you. Let's settle it this way: You transfer $1650 USD to me (in bitcoin equivalent according to the exchange rate at the moment of funds transfer), and once the transfer is received, I will delete all this dirty stuff right away. After that we will forget about each other. I also promise to deactivate and delete all the harmful software from your devices. Trust me, I keep my word. This is a fair deal and the price is quite low, considering that I have been checking out your profile and traffic for some time by now. In case, if you don't know how to purchase and transfer the bitcoins - you can use any modern search engine. Here is my bitcoin wallet: 1Hjpu99iHc3oi55ZJKf6RHhKbwit8vEzTS You have less than 48 hours from the moment you opened this email (precisely 2 days). Things you need to avoid from doing: *Do not reply me (I have created this email inside your inbox and generated the return address). *Do not try to contact police and other security services. In addition, forget about telling this to you friends. If I discover that (as you can see, it is really not so hard, considering that I control all your systems) - your video will be shared to public right away. *Don't try to find me - it is absolutely pointless. All the cryptocurrency transactions are anonymous. *Don't try to reinstall the OS on your devices or throw them away. It is pointless as well, since all the videos have already been saved at remote servers. Things you don't need to worry about: *That I won't be able to receive your funds transfer. - Don't worry, I will see it right away, once you complete the transfer, since I continuously track all your activities (my trojan virus has got a remote-control feature, something like TeamViewer). *That I will share your videos anyway after you complete the funds transfer. - Trust me, I have no point to continue creating troubles in your life. If I really wanted that, I would do it long time ago! Everything will be done in a fair manner! One more thing... Don't get caught in similar kind of situations anymore in future! My advice - keep changing all your passwords on a frequent basis

 

이번 메일에서 사용된 비트코인 주소는 0.12033851 BTC로 한화로 약 750만 원의 높은 수익을 얻은 상태입니다.

 

[그림2] 혹스(Hoax) 메일 발신자의 비트코인 수익 화면

 

수신자의 계정을 해킹하여 사생활 녹화 영상을 빌미로 협박하는 혹스(Hoax) 메일은 지속적으로 유포할 가능성이 매우 높습니다. 그러나 혹스(Hoax) 메일은 "수신자의 이메일 주소, 비트코인 주소, 송금 금액" 내용만 부분적으로 변경되어 유포가 되기 때문에 쉽게 알아챌 수 있으며 금전을 요구하는 메일은 바로 삭제하는 것을 권장합니다.

 

 

※ 관련 글 보기

▶ "고객님의 계좌에서 결제." 제목으로 대량 유포되고 있는 혹스(Hoax) 메일 주의!! (21.04.21)

▶ 사생활 녹화 영상으로 협박하는 hoax 메일 주의!! (21.03.10)

▶ 사생활 녹화영상으로 협박하는 hoax 메일 주의!! (20.08.20)

▶ 사생활이 촬영된 비디오를 유포하겠다고 가짜 협박하는 hoax 메일 주의! (20.05.06)

▶ 한글로 작성된 코로나바이러스 이슈 악용 Hoax 주의! (20.03.12)

▶ 성인사이트 악성코드 감염으로 현혹하는 혹스 이메일 주의 (20.01.10)

▶ '긴급 통신!' 등의 제목으로 전파 중인 가짜 혹스(Hoax) 이메일 주의! (19.02.08)

▶ 악성코드 감염 내용으로 사용자를 협박하여 비트코인을 요구하는 혹스(Hoax) 메일 주의! (18.10.29)

▶ 국내 유포 중인 혹스(Hoax) 메일, 일본에서도 유포 중! (18.09.21)

▶ 불특정 다수에게 유포되고 있는 혹스(Hoax) 메일 주의! (18.09.14)

관련글 더보기

댓글 영역