The cybercrime group named “The Manipulators” was profiled by KrebsOnSecurtiy in May 2015. However, six years later, a review of the cybercrime organization’s social media posts shows that it is still flourishing despite its activities being poorly concealed as a software development firm in Lahore, the capital of the Pakistani province of Punjab.
“The Manipulators” is a group of Pakistani hackers who sell spam and malware tools and a range of services for crafting, hosting and deploying malicious email. All of their domains have the common prefix FUD, which stands for “Fully Un-Detectable.” While their service used various names like “Fudtools,” “Fudpage,” and “Fudsender.”
It offers various phishing templates and other software that can be used to attack various online platforms, such as Dropbox and Office365. They also sell other products that are designed to help spam writers distribute their messages.
One of the ads for Fudtools service promoted the domain fudpage.com, which has the same phone number as the domain name itself. The team used a domain name from a fraudulent service called “FreshSpamTools” to distribute spam.
KrebsOnSecurtiy found that WHOIS records of FreshSpamTools had the email address firstname.lastname@example.org, which is also associated with Bilal “Sunny” Ahmad Warraich’s Facebook account.
Further research revealed that he is an employee of “We Code Solutions.” Several other members working under the facade of We Code Solutions have been tracked. Their feed and pictures suggest that they are connected to Fud Co.
The most severe blow to The Manipulators was delt when their core domain name was not renewed in 2019. The domain was immediately snatched up by Scylla Intel that specializes in identifying cybercrimes through their real-life identities.
After creating an email server for The Manipulators, the security company’s inbox was flooded with messages that contained many details about the group they didn’t know.
“I think one of the things the investigators found challenging about this case was not who did what, but just how much bad stuff they’ve done over the years,” Angus said. “With these guys, you keep going down this rabbit hole that never ends because there’s always more, and it’s fairly astonishing. They are prolific. If they had halfway decent operational security, they could have been really successful. But thankfully, they don’t.”