Risk-forwarding is an inseparable part of the cybercrime ecosystem.
Whether it’s the use of malware-infected hosts as stepping-stones, the issuing of License Agreements for your latest rootkit release stating that it’s meant to be tested against the customer’s own systems — you wish — or the selling of cheap access to verified PayPal accounts, in an attempt to mitigate the “cash-out” risk by forwarding it to a more experienced cybercriminal, the process of risk-forwarding is visible across the entire ecosystem.
In this post I’ll discuss a recently spotted Wetern Union based money mule management script. While the cybercriminals are currently developing this script, it is evidence of a cybercrime ecosystem trend focusing on the efficiency-centered standardization mentality of sophisticated cybercriminals.
Sample screenshot of the money mule management script, currently under development:
Basically, the Web based interface would allow a mule recruiter to easily manage the mules who will exclusively rely on Western Union for transferring the fraudulently obtained financial assets. The script will also automatically deduct the commission the mule will take for processing the fraudulent funds, and allow him to access a DIY interface, where he/she can submit all the MTCNs (Money Transfer Control Number) from all the transfers that they initiated.
- Knowledge tip: Want to get free access to raw money mule recruitment domains data throughout the last couple of years? Consider going through the “Keeping Money Mule Recruiters on a Short Leash” series.
It’s worth pointing out that the cybercriminal behind this is currently soliciting feedback from fellow cybercriminals on invite-only cybercrime-friendly communities, and is basically experimenting with the true potential of such a DIY Web based service. In its current form, the script doesn’t have the “innovative” potential to help sophisticated cybercriminals boost their efficiency levels when it comes to recruiting and managing money mules.
We’ll continue monitoring its development, and post updates as soon as new developments take place.