Forget Phishing New Cybercrime Tool is Whaling
Why go phishing when you can go "whaling"?
The cybercrime practice of phishing masquerading online as a trustworthy source to try to steal people's sensitive information is coming up against some serious competition in the form of "whalers."
Whalers are online thieves who prey on phishers essentially, they are bigger phish in the cybercrime sea. While phishers do all the work, posing as a legitimate company say, Microsoft with a dire warning that they say you absolutely need to follow, whalers simply plunder the online databases where phishers keep their stolen info.
Whalers use a tool called an autowhaler, which "checks known phish URLs for common places where a productive phisher would keep their logins," the security firm GFI Labs reported.
In examining these phisher-on-phisher attacks, GFI Labs came across an especially tricky autowhaler that boomerangs on its user.
When someone interested in stealing a phisher's haul downloads the "666 Auto Whaler," he gets more than he bargained for. This particular autowhaler tool is corrupt: It contains a file called "CryptedFile.exe" that is actually a Trojan designed to steal passwords and account login details.
Once downloaded, this file makes the would-be-whaler's system vulnerable to attack.
"Password-stealer creators targeting whalers going after phishers may sound like a humorously confusing mess of bad people hitting each other in the face with bricks ... but the gag quickly evaporates once little Jimmy loses five sets of credit card details to the void," GFI Labs wrote.