Scammers posing as tech support have adopted a new technique for bypassing detection by antivirus products. As reported by Symantec, the technique used by the attackers in a new, recently discovered operation was borrowed from highly skilled hacking and cyber-espionage groups. With its help, the scammers can successfully hide their malicious activity.
Fake “tech support” is a very common type of fraud. Many groups operate in this area, but they all follow the same scheme. When the victim lands on the malicious site (either accidentally or through malicious advertising), they receive a false notification that their computer is infected with malware or has been blocked by law enforcement. To solve the problem, the fraudsters advise the victim to seek help from “tech support” and lure them into paying for unnecessary services.
In the campaign described by Symantec, the attackers pose as the Ministry of Defence of Spain. The screen displays a message stating that the victim’s computer has been blocked by the Ministry for the distribution of illegal materials. To unlock the computer, the user must pay a fine of 500 euros (in the form of iTunes gift cards).
After analyzing the source code, the researchers found a large number of obfuscated strings. Code obfuscation is very common among scammers posing as tech support. However, in this case, the attackers used two levels of AES encryption, which occurs quite rarely. Because of this, they are able to bypass antivirus software effectively.
As a reminder, over the last two months officers of Indian law enforcement agencies have disrupted the activities of 26 fraudulent call centers posing as tech support from Microsoft, Google, Apple and other large companies.