The three men were arrested in possession of fake documents, including fraudulent invoices and forged official letters.
Interpol has arrested three Nigerian men in Lagos, who are suspected of using remote access trojans (RATs) to reroute financial transactions and steal account credentials.
The international operation, code-named “Killer Bee,” was led by Interpol together with the law enforcement agencies of 11 Southeast Asian countries.
As per the latest reports, the targets of the gang included large corporate organizations and oil & gas firms in the Middle East, North Africa, and Southeast Asia.
Interpol did not disclose the amount the gang was able to steal from the victimized organizations.
One of the three arrested men, Hendrix Omorume, faces a one-year imprisonment sentence for possessing fraudulent documents, obtaining money by false pretense, and engaging in impersonation.
The other two men are still on trial and face only the single count of possessing fraudulent documents, likely used in BEC (business email compromise) attacks.
According to Interpol, the laptops and mobile phones of the arrested individuals were examined thoroughly, and the police found signs of Agent Tesla deployment.
Agent Tesla is a RAT that has been in use for several years. It serves as a powerful information-stealer and keylogger that can steal credentials stored in web browsers, email clients, FTP, and other software.
It infects targets through phishing emails that carry a malicious attachment, such as a PowerPoint document.
It is assumed that Omorume used Agent Tesla to steal account credentials in target organizations, access email communications, and perform surveillance.