MalwareDisasters is a division of MalwareIntelligence. In the same test information is captured about the behavior of malicious code, and also offering the necessary countermeasures to mitigate the malicious actions in question.

9.13.2012

League of legends Malware Attack

As you may already know,cyber criminals find different ways to infect computers and steal sensitive information which later they use for their bad purposes.This time,at facebook i stumbled upon a League of legends themed scam,needless to say that most of my friends are also victims.They "offer" free riot points.Let's have a look then.



As you can see,it's just a very "amateur" project,probably written in VB. To me,it looks kinda "phishy" and i really doubt whether it works or not.I would also like to mention that Riot INC is a very trustworthy company,don't try to search for any "hacks" that will give you Riot points,you will most likely fail and end up getting scammed or infected.

What was my first thoughts?It's just a regular stealer which will send your information to the author .I was right. Let's check the network activity,when you press the button "Press Here For RP".



I guess,you may have already noticed some strange network activities. But really,what is it?I don't understand a thing,that's because the packets are encrypted. So,where are my information sent?I used a tool called .NET Reflector,this tool will be able to enlighten us. Let's dive into a real debugger and grab more information about the author.



As you can see,he's using the smtp.gmail client to receive the logs and the logs are sent to the "red blurred" gmail.By the way,i am not that bad to publish his e-mail,i will tell you later why. He only wants Textbox.1 which is obviously your username,and textbox.2 which is your password.The subject of the email should be victim's username and the body should contain the password.

His Gmail password is 59347763,if the password is changed,then this programme will be useless,as it won't be able to get past through the gmail verification,therefore the logs won't be sent. Using google i was able to find even more information about the author. He got the idea of creating a phising applicaiton when he saw a tutorial at YouTube. Here,he's seeking for help and he gave his email to contact him.





What literally shocked me is that,he's only 15 years old and he's coming from Greece,from my country. Here he wants to buy a "Spy Recording Camera".



What great times do we live in,even a 15 years old kid can create his own phising application and start stealing information,just from a simple tutorial. There's too much freedom in the internet or what. Since he is only 15 years old (we have the same age),i don't want to ruin his life and that's why i didn't show you his email. I logged at his gmail and deleted all the logs,i also warned him that the next time,i won't be that good. This application should be detected as a PUP(Potentially unwanted programme).



I just wanted to show you how easy is nowadays to create your own phising programme, and start stealing credentials. Stay safe!

Phillip, Malware Researcher





Ver más