Fake Anonymous group CyberWare targets 2-spyware

CyberWare hacking group is going after 2-spyware.com

CyberWare, a self-proclaimed hacking group of the “Anonymous” movement, has declared on Twitter that it will be going after 2-spyware.com. The group engages in vigilante activity and appears to back up its ideas with malicious online actions.

The activity of these criminals began when they started launching Distributed Denial of Service (DDoS) attacks against alleged “loan scam” websites and organizations.[1] Additionally, security researchers detected new ransomware dubbed MilkmanVictory,[2] which was first spotted by GrujaRS on May 16 and was aimed at the said “scam” websites. The malware was distributed through spear-phishing emails booby-trapped with links to what appeared to be PDF files.

Further evidence that the criminal gang is not motivated by financial gain is the ransom note delivered to infected victims. No contact information or ransom demands are provided in the text message. Instead, the hackers provide only a short message claiming that the attack was performed because of the company's alleged scamming activities.

Hackers use Twitter to deliver their accusations

The CyberWare account posted the following message on Twitter on July 15, 2020:[3]

Greetings world, We are #Anonymous!

We have declared total cyberwar against @2spyware ran by @kiguolis for their scams on innocent people.

Let us teach you a lesson you'll never forget.

Dont fuck with the internet and the internet wont fuck with you.

#GhostSec
#Sin1peCrew

Just as with its previous victims, the group does not provide any evidence of scam activities taking place, but rather goes by what it believes to be true. 2-spyware is a legitimate website designed to warn users about malware outbreaks and distribution tactics, and to explain effective removal methods.

Besides using Twitter, cybercriminals also run a website called CyberWare Blog, which posts short messages about their targets and links to news that seem to be of a high priority, for example, “Roblox accounts hacked to support Donald Trump.”[4]

DDoS attacks are very common, and some people behind them end up in jail

DDoS attacks are serious and often cause many problems for high-profile companies, creating service disruptions that diminish the company's reputation. However, DDoS attacks are surprisingly easy to execute, and the service can be bought on the dark web.

There have been several such self-proclaimed “justice seekers” who were caught by federal law enforcement and put in jail for their actions. A good example is the story of a hacker named DerpTrolling – a vigilante who attempted to keep gamers away from playing during the Christmas period and attacked the servers of prominent gaming companies (Electronic Arts, Sony, Riot Games). The hacker was sentenced to 27 months in prison and had to pay $95,000 in compensation for his deeds.[5]

Whoever is behind CyberWare seems to be motivated by strong political views and a need to express their dissatisfaction with whatever they deem to be going against those views. Unfortunately for the gang, these actions are illegal and can easily land them in jail. Malware is not a joke, and should not be treated that way.

To all our readers, we wish you to stay safe online.

CyberWare scamming its audience: distributing fake conversations around the web

The notorious CyberWare group continues to target 2-spyware and has now proceeded to the second stage of the attack. After threatening to attack the site by using DDoS, threat actors are now distributing fake conversations that allegedly happened between 2-spyware and somebody called “JamesRedd,” a supposed member of Lajunen Loan firm.

The fake dialogue states a variety of sham claims, including that 2-spyware is running scamming offices in India, and that it is cooperating with Lajunen Loan – a supposed scam company running bank loan sites. The company's websites were previously attacked by the CyberWare gang.

The fake conversation, which is filled with spelling and grammar mistakes, unfolds the following way:

Fake 2-spyware conversation

It is now evident that the main goal of CyberWare is to spread fake rumors about 2-spyware and ruin the public image of the company. Since the actors are actively spreading false information, it has already managed to reach our readers – we received several queries about the conversation, and many are asking whether it is real or not.

Evidently, 2-spyware does not run any scam schemes in India, and neither does it collaborate with an alleged fake loan scam site. If you encounter this or a similar discussion of such type, keep in mind that it is a rumor deployed to mislead our readers and make them doubt the credibility of the site.

2-spyware is a reputable, security-focused website that has been in operation for more than 15 years. Our mission is to help users and prevent them from being scammed online – please disregard all the rumors distributed by CyberWare gang.

CyberWare and its associates continue to produce lies, threaten 2-spyware further

Somebody going under the name Jean Alossi (jeanalos61@gmail.com), most probably related to CyberWare, is spreading lies once again. In the series of emails that were exchanged between the unknown person and the 2-spyware team, it is again claimed that the connection between the alleged bad-guy James Redd from Lajunen Loans and 2-spyware is real.

This time, threat actors created a fake email address, 2spyware@gmail.com (keep in mind that the official email is info@2-spyware.com), and used it to send a message to another email address under the name of James Redd. This “conversation” between the two fake emails was allegedly then sent to Jean Alossi, the person who is going after a new revenge plan.

His new scheme consists of allegedly forwarding this fake evidence about 2-spyware since the site is publishing articles about CyberWare and fake Anonymous.

The actor claims that the following email was sent by 2-spyware to James Redd:

Fake 2-spyware Gmail

Jean Alossi also claims that the screenshot came from somebody in Russia, hence the bad quality, and that he has “evidence” that the claim is real. Here is the follow-up of the conversation:

I will just post or send info forward. You publish shit about Anonymous so i will publish all info about you even i'm just after James Redd. When quit spreading lies about Cyberware / Anonymous i can keep next info on my own. You aren't a target but James Redd is.

Once again, please ignore these ridiculously badly-made fakes as “evidence” of some conspiracy about James Redd, India, scamming, fake loan sites, and 2-spyware's connection with all of this. The intention of threat actors is to once again harm the image of the company due to whatever reasons they deem justifiable.

About the author
Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.
