Extortion Scammers Try to Convince You That You Got Infected by a RAT

• Scammers claim they installed a RAT on your system through the EternalBlue exploit.
• They are giving recipients 48 hours to pay $600 in Bitcoin, otherwise, they will publicize their personal moments.
• The actors don’t really have any data in their hands, but they are trying to trick their victims with a bluff.

Bleeping Computer warns of a new extortion campaign that tries to convince its victims their computers have been infected by a RAT (Remote Access Trojan), and even clarifies the path of infection by claiming it was the EternalBlue exploit that has been used. As it is usual in this type of campaigns, the recipient of the email message is then warned that they have been monitored by the actors, who allegedly have recorded them while they visited adult websites. The request is the payment of a ransom, and the threat is to share the victim’s private moments with their contacts.

With a subject line that goes along these lines: “Security Alert. Your account was compromised. Password must be changed”, the recipient is urged to take the message seriously if they are unlucky enough to not have effective spam filters in place. According to the extortion message, the Trojan has supposedly taken videos of the victim, stole their contacts, and also their passwords. The demand is $600 in Bitcoin, and the recipients are given 48 hours to send the payment. Those who send the money are promised the irreversible deletion of their data, which is, of course, a blatant lie, as the scammers hold no data belonging to the victims in the first place.

To convince the recipients that they really have compromised their systems, the scammers are using information from publicly disclosed data breaches from websites such as the “haveibeenpwned” platform. By showing recipients their very own password, scammers hope to convince them of the “RAT infection story”, and as it seems from the associated Bitcoin address they have had some limited success so far. The accumulated reports against the used wallet ID should be enough to freeze it, but still, that won’t prevent the scammers from using an alternative ID.

If you find a message like the above in your inbox, just mark it as spam and throw it in the bin. If the message contains an old password that has been breached and you are yet to reset it, then do so immediately. Finally, always keep an AV tool from a reputable vendor up to date and running on your computer, while at the same time you should never download software from untrustworthy sources. Keeping your system safe from exploits like the EternalBlue can only come through the updating of your OS, so never neglect system updates.

Have you received the above, or any other similar extortion letter? Share the details with us in the comments down below, or on our socials, on Facebook and Twitter.