Social Scam Targets East Europeans with Relatives Abroad

Some 45 million citizens of Russia and other former Soviet nations are vulnerable to an ingenious social engineering scam that exploits a flaw in the settings of social networking platform Odnoklassniki.

As the platform allows creation of multiple accounts with the same e-mail address, crooks clone Odnoklassniki accounts and send private messages to contacts listed as family, requesting money in the name of the account owner to recuperate an allegedly lost or stolen phone.

A lot of families in Eastern Europe have at least one member working in countries like Germany, Italy or Spain to supplement low income. The family members keep in touch via social networks, e-mails, instant messenger and voice over IP applications. The internet helps them avoid using the phone to keep down costs.

The scammers impersonate those working abroad to contact their relatives and ask for money. The sums are moderate ” $100 – so as not to raise the suspicions of concerned family members back home.

After Facebook, Twitter, LinkedIn and Pinterest, Odnoklassniki joins the club of social networking platforms to become victims of social engineering and cyber-crime. Odnoklassniki is addressed to high school or college classmates who want to catch up and keep in touch, particularly popular in Russia and countries from the former Soviet Union.

To date, Bitdefender labs has also analyzed half a dozen executable files advertised as hacking tools for Odnoklassniki accounts. Most are genuine spying instruments, meticulously compiled to avoid running in virtual machines or while traffic sniffing applications are on to avoid detection.

The tools assign a unique identification code to each compromised machine and lists them into a database on a C&C center, steal bitcoin wallets should there be any on the infected PC while also collecting passwords saved in browsers, identification data for ftp and e-mail accounts, instant messenger or game credentials.

This article is based on the technical information provided courtesy of Doina Cosovan, Bitdefender Virus Analyst and Bitdefender Anti-Spam Lab.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.