March 22, 2013 By Dancho Danchev

Spotted: cybercriminals working on new Western Union based ‘money mule management’ script

Risk-forwarding is an inseparable part of the cybercrime ecosystem.

Whether it’s the use of malware-infected hosts as stepping-stones, the issuing of License Agreements for your latest rootkit release stating that it’s meant to be tested against the customer’s own systems — you wish — or the selling of cheap access to verified PayPal accounts, in an attempt to mitigate the “cash-out” risk by forwarding it to a more experienced cybercriminal, the process of risk-forwarding is visible across the entire ecosystem.

In this post I’ll discuss a recently spotted Western Union based money mule management script. While the cybercriminals are currently developing this script, it is evidence of a cybercrime ecosystem trend focusing on the efficiency-centered standardization mentality of sophisticated cybercriminals.

More details:

Sample screenshot of the money mule management script, currently under development:


Basically, the Web based interface would allow a mule recruiter to easily manage the mules, who will exclusively rely on Western Union for transferring the fraudulently obtained financial assets. The script will also automatically deduct the commission the mule will take for processing the fraudulent funds, and allow him/her to access a DIY interface, where he/she can submit all the MTCNs (Money Transfer Control Numbers) from all the transfers that he/she initiated.

It’s worth pointing out that the cybercriminal behind this is currently soliciting feedback from fellow cybercriminals on invite-only cybercrime-friendly communities, and is basically experimenting with the true potential of such a DIY Web based service. In its current form, the script doesn’t have the “innovative” potential to help sophisticated cybercriminals boost their efficiency levels when it comes to recruiting and managing money mules.

We’ll continue monitoring its development, and post updates as soon as new developments take place.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.


