nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

20-yr-old Brazilian births 100 banking trojans

Who cares about OPSEC with slack laws and busy cops?

By Darren Pauli, 2 Jul 2015

A 20 year-old Brazilian kid has pumped out more than 100 banking trojans selling each for around US$300 a pop, Trend Micro researchers say.

The computer science student's extracurricular activities landed him the dishonourable title of his country's most prolific banking malware creator.

Researchers say "Lordfenix", his chosen hacker handle, made the cash between April 2013 and today targeting banks including HSBC Brazil, Bank of Brazil, and Caixa.

"Lordfenix has grown quite confident in his skills," Trend's researchers say in a post.

"We found him offering free versions of fully-functional banking trojan source code to underground forum members.

"He claims these free versions can steal credentials from customers of four different banks."

The paid version of his trojans target additional banks using sleight-of-hand browser window replacement tricks that disable security software popular with Brazilians.

How's your OPSEC?

Brazilian banking malware is a smart target for the unscrupulous, because the nation has very high usage rates for online banking. Plenty of fraudsters are cashing in: one study claims (PDF) that three-quarters of local net users feel they have fallen victim of some form of online fraud.

Adding oil to the fire is the country's lax cybercrime law and the low priority given to online crime by police who are more concerned with kinetic crimes. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing