Operation MIDAS – Tracking Fraudulent Financial Program Organizations
Today, brokerages offer official PC programs and mobile apps that let you trade stocks from your PC or mobile device. However, there have been fake online brokerage programs (HTS) that are elaborately designed to steal your money.
The program is carefully designed and operates under the guise of a stock investment program to deceive users. It even impersonated a real brokerage firm, both in how the program was built and in how users were recruited.
The program communicates with the servers of real brokerage firms to get real-time stock price information, and uses publicly available chart libraries to render charts. However, no actual stock trades are made. Rather, the program's core feature, a screen capture function, is used to spy on users' screens and collect information without authorization, and the operators refuse to return users' money.
We obtained 14TB of screen captures that were inadvertently exposed by the developers, including the supply organization that developed and sold the program and the operations organization that rented and operated the program they provided. We watched as they used generative AI for efficient development, operated over 100 domains and servers, moved servers offshore to evade law enforcement, and extorted money from users.
Finally, based on the data we obtained, we worked with law enforcement, who seized and analyzed more than 20 servers utilized by the fraud ring operating offshore, identified the individuals involved in the crime, and arrested 32 people, including two developers and one infrastructure manager, who made ₩9 billion illegally.
In this presentation, we will identify the fraud ring and define the roles and relationships of its members by analyzing the fraudulent programs, fraudulent websites, associated domains, and obtained screenshot data. We analyze the programs they offer in detail to identify 125 related fake investment programs and explain the secretive process they used to avoid returning users’ money.
By:
Sung-Wook Jang | Operation MIDAS – Tracking Fraudulent Financial Program Organizations, Financial Security Institute (South Korea)
Yong-Hyun Kim | Operation MIDAS – Tracking Fraudulent Financial Program Organizations, Financial Security Institute (South Korea)
Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-24/briefings/schedule/#operation-midas—tracking-fraudulent-financial-program-organizations-42444