Brazilian Trojans Poised to Spread around the World

When we talk about Brazil, we no longer think only of Carnival and caipirinha, or the favelas (slums) that came into being as a result of the highly unequal distribution of income. Bearing in mind that Brazil is one of the largest countries in the world, a major new concern has arisen as the Internet and technological devices are being used to find fast ways to earn money.

In 2014, Brazil was listed as the country with the highest number of attacked users. Kaspersky identified over 90,000 attacks in Brazil, with Russia in second place.

Cybercrime has combined the creativity of Brazilian hackers with new forms of illegal activities, specifically online bank fraud, turning the country into a producer of Trojan malware. The increased variety of Trojans produced in Brazil is becoming a trend. Hackers are spreading their tools via hacking communities, by selling or simply sharing tools, tutorials and tips for using Trojans as a means to intercept information on users and their banks. They use social network platforms, personal blogs or “security information web sites,” IRC channels and the forums on the deep web where “laranjas” (oranges in Portuguese, used to denote a tool/card trader) do business to sell the malware or the stolen data.

A hacker asks for help in generating Boletos, a payment method consisting of bank tickets, commonly used in Brazil

While hackers from other countries use malware tools such as Zeus, the uniqueness of the Brazilian hackers is that they develop specific, personalized code for banking fraud. They also find creative ways to use software to access their targets, with the aim of stealing bank accounts. CPL is one of these innovations: a legitimate Windows Control Panel file is being used by cybercriminals to spread banking Trojans targeting Brazilian users.

Cybercriminals send fake emails, using social engineering techniques designed to mislead users. Usually, the email purports to contain a document such as a quotation, invoice or receipt, information on a debt or a banking situation, digital payment instruments used in Brazil, such as Boleto bancário or an electronic tax note, or photographs, videos or similar files.

An example of the use of the CPL malware in a phishing email
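
As an added example (not code from the original post), the following Python code shows how a mail gateway or triage script could flag the delivery method described above: attachments with a .cpl extension, whether attached directly or packed inside a ZIP archive. The function names, file names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_DEPTH = 3            # stop descending into nested archives
MAX_MEMBER = 20_000_000  # do not unpack members larger than this (zip-bomb guard)

def _scan(name, data, depth, hits):
    """Record name if it is a .cpl file; otherwise look inside ZIP archives."""
    if name.lower().rstrip(". ").endswith(".cpl"):  # Windows drops trailing dots/spaces
        hits.append(name)
    elif depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                # Encrypted or oversized members are checked by name only.
                skip = info.flag_bits & 0x1 or info.file_size > MAX_MEMBER
                body = b"" if skip else zf.read(info)
                _scan(f"{name}!{info.filename}", body, depth + 1, hits)

def find_cpl_attachments(raw_email):
    """Return attachment paths ('outer.zip!inner.cpl') that are CPL files."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    hits = []
    for part in msg.walk():
        fname = part.get_filename()
        if fname and not part.is_multipart():
            _scan(fname, part.get_payload(decode=True) or b"", 0, hits)
    return hits

def build_sample():
    """Constructed message (not real traffic): a ZIP holding a placeholder .cpl."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Boleto_2via.PDF.cpl", b"constructed placeholder, not a real PE")
        zf.writestr("leia-me.txt", b"constructed sample")
    msg = EmailMessage()
    msg["Subject"] = "Boleto em atraso"  # constructed lure subject
    msg.set_content("Segue o boleto em anexo.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="boleto.zip")
    msg.add_attachment(b"%PDF-constructed", maintype="application",
                       subtype="pdf", filename="recibo.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    print(find_cpl_attachments(build_sample()))
```

Because Control Panel files are rarely sent by email for legitimate reasons, a hit from a check like this is usually worth quarantining rather than only logging.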

The fact that Brazil has the highest percentage of online banking users has also contributed to the development of different personalized attacks. As a result, banking Trojans have become the number one threat in Brazilian cybercrime. As previously demonstrated in the Brazilian malware arena, some code writers spread their viruses around the world. The security sector, in this case the banking sector, must be aware of the possible dangers and increase their efforts to protect their clients.

