A known Nigerian keylogger and threat actor was observed was observed on 27 February 2017 sending a phishing email with a United States, Citizenship and Immigration Services (USCIS) and U.S. Embassy lure. The phishing email referenced recent immigration executive orders by President Trump. The email attempted to lure the target into sending the threat actor a copy of his passport presumably to be used as part of the threat actor’s fraudulent activities. Fraudulent use of any legitimate passport can result in financial fraud, terrorist activity, and a whole host of other illegal activities.
Wapack Labs has cataloged and extensively reported on keylogger operations in the past. An archive of related reporting can be found in the Red Sky Alliance Portal.