March 22, 2013 By Dancho Danchev

Spotted: cybercriminals working on new Western Union based ‘money mule management’ script

Risk-forwarding is an inseparable part of the cybercrime ecosystem.

Whether it’s the use of malware-infected hosts as stepping-stones, the issuing of license agreements for the latest rootkit release stating that it’s meant to be tested against the customer’s own systems (you wish), or the selling of cheap access to verified PayPal accounts in an attempt to mitigate the “cash-out” risk by forwarding it to a more experienced cybercriminal, the process of risk-forwarding is visible across the entire ecosystem.

In this post I’ll discuss a recently spotted Western Union based money mule management script. Although the script is still under development, it is evidence of a trend in the cybercrime ecosystem: the efficiency-centered standardization mentality of sophisticated cybercriminals.

More details:

Sample screenshot of the money mule management script, currently under development:


Basically, the Web-based interface would allow a mule recruiter to easily manage mules who rely exclusively on Western Union for transferring the fraudulently obtained financial assets. The script will also automatically deduct the commission the mule takes for processing the fraudulent funds, and give the mule access to a DIY interface for submitting the MTCNs (Money Transfer Control Numbers) of all the transfers they initiated.

It’s worth pointing out that the cybercriminal behind this is currently soliciting feedback from fellow cybercriminals on invite-only cybercrime-friendly communities, and is basically experimenting with the true potential of such a DIY Web-based service. In its current form, the script doesn’t have the “innovative” potential to help sophisticated cybercriminals boost their efficiency levels when it comes to recruiting and managing money mules.

We’ll continue monitoring its development, and post updates as soon as new developments take place.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.
