Targeting the elderly: from spoofing to persistence

Thursday 15 October 09:30 - 10:00, Red room   

Axelle Apvrille (Fortinet)

This talk walks you through a cyber incident case which targeted a 89-year-old man in February 2026. We show the entire process used by the cybercriminals:

• Contact through WhatsApp, posing as a bank advisor
• Identity theft
• 2FA bypass
• Opening fraudulent Western Union and PayPal accounts
• Spoofing travel company Kiwi.com and perfume retailer Notino
• Payments for ~3000 euros both via SEPA and credit card

Then lateral movements with:

• Bypass of anti-virus
• Bypassing NAT with installation of AnyDesk
• Persistency by replacing Google Chrome, Firefox, Mozilla Maintenance, ScanApp and anti-virus with infected versions
• Complete access to laptop
• Deleting traces 

The goal of this talk is threefold:

1. Provide an example of a real case from end to end + track cybercriminal(s) from forensic analysis. We include social engineering details, how 2FA was bypassed, etc. Based on collected evidence, we assess the technical level of the attacker. The attack is not sophisticated (it does not need to be) but efficient and very well orchestrated.
2. Explain post-mortem steps to secure the laptop and various accounts. The best solution would have been a full re-install + changing all passwords, but this is simply not possible at 89. Compromises had to be made.
3. Open up a wider discussion on how to secure the elderly in our modern worlds (similar issues with the young). At Virus Bulletin, we have solid tech background, but the elderly have different experiences: hearing and vision problems, fine motor skills, memory issues, slow comprehension and reaction time. There is an interesting underlying problem to tackle here. In Europe, 10% are over 75. Their understanding of computers and cybersecurity is limited, so is their ability to defend themselves. What steps can we take to secure them from attacks in practice?

Additional technical information: The case involved a French man of 89. This person experiences difficulties due to his age, but he has his intellectual faculties and is not under guardianship. He had received security awareness training and had anti-virus installed on both his laptop and mobile phone, but all those measures were ineffective.

The talk is documented using data retrieved from the victim's laptop, smartphone and bank account in addition to public annual reports on cybercrime from the French Gendarmerie Nationale. Unfortunately, the forensic analysis destroyed the infected versions of Chrome, Firefox, Maintenance and Avast. From post analysis, it seems those versions were trojaned and contain the real app and an AnyDesk background launcher.

Axelle Apvrille Axelle Apvrille is a principal security researcher at Fortinet, Fortiguard Labs. Her research interests are mobile and IoT malware, which she reverses every day. In addition, she is the founder of Ph0wn CTF, an on-site competition that focuses on ethical hacking of smart objects. In a prior life, Axelle used to implement cryptographic algorithms and security protocols. Axelle has spoken at many conferences such as Black Hat Europe, Confidence, Hack.Lu, Hacktivity, Insomni'hack, ShmooCon, Troopers and Virus Bulletin. She has also published in academic journals such as IEEE Security & Privacy and Journal in Computer Virology. She regularly writes in the French magazine MISC and Hackable, and has recently published in Phrack #71.

Back to VB2026 Programme page

Back to VB2026 conference page

Register your interest for VB2026

Other VB2026 papers