nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Phisherfolk phlock to Rio for the Olympics

Virtually, that is. Zeus trojan ported to bash Brazil banks

By Darren Pauli, 5 Aug 2016

Criminals are ramping up their online presence in Rio de Janeiro, where the Olympic Games will open on Friday, August 5 – with IBM and Fortinet reporting new banking trojans and cyber crime activity in Brazil.

Big Blue has reported a variant of the Zeus trojan has emerged on crime forums targeting local banks and exploiting financial habits of users in the country in what is evidence the trojan is not a mere copy-and-paste effort.

The Panda Banker trojan began in Europe and the US hitting banks in the region earlier this year before being ported to smash the home of the looming 2016 Olympics.

The Brazilian variant targets 10 unnamed national banks and localised payment services and is being flogged by the original developers under a subscription payment model.

Panda can also raid Bitcoin exchange credentials, airline loyalty programmes, prepaid cards and gambling sites, IBM X-Force researchers say.

Its customisation continues: the trojan has been written to target a local security firm, a supermarket chain, and even law enforcement.

Researchers suggest the possibly Russian-speaking designers are worked in concert with Brazil locals to develop the latest variant.

"Panda grabs login credentials on the fly, is capable of injecting malicious code into ongoing web sessions to trick users with social engineering, and its operators are versed in the use of automated transaction panels," researchers say.

"Panda’s operators’ favoured fraud methodology is account takeover, in which victim credentials are robbed and then used by the attacker to initiate a transaction from another device."

Most infection comes via Word documents and poisoned macros with pop-up windows used to capture one-time banking passwords.

Meanwhile Fortinet is warning of a huge 83 per cent spike in malicious domains and phishing URLs in Brazil across June compared to the global average of 16 per cent.

Researchers with the company write in its latest threat report [PDF] that some 3,800 malicious government (gov.br) sites have spun up that target bureaucrats and Olympics officials.

"As the 2016 Rio Olympics unfold, the history of increased attacks will undoubtedly continue and FortiGuard Labs is already seeing indicators of repeat techniques such as domain lookalikes for payment fraud and malicious websites or URLs targeting event and government officials," security strategist Ladi Adefala says.

The findings are similar to those affecting previous major sporting events like the soccer World Cup and previous Olympic Games.

In January Trend Micro found as part of its series of analysis on regional cybercrime markets that Brazil's underground was booming.

Researchers at the firm said the South American nation had an "influx" of new criminals to its online communities who shirk anonymity when draining user bank accounts with malware and openly boast of their success. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing