Brazilian Trojans Poised to Spread around the World

When we talk about Brazil, we no longer think only of Carnival and caipirinha, or the favelas (slums) that came into being as a result of the highly unequal distribution of income. Bearing in mind that Brazil is one of the largest countries in the world, a major new concern has arisen as the Internet and technological devices are being used to find fast ways to earn money.

In 2014, Brazil was listed as the country with the highest number of attacked users. Kaspersky identified over 90,000 attacks in Brazil, with Russia in second place.

Cybercrime has combined the creativity of Brazilian hackers with new forms of illegal activities, specifically online bank fraud, turning the country into a producer of Trojan malware. The increased variety of Trojans produced in Brazil is becoming a trend. Hackers are spreading their tools via hacking communities, by selling or simply sharing tools, tutorials and tips for using Trojans as a means to intercept information on users and their banks. They use social network platforms, personal blogs or “security information web sites,” IRC channels and the forums on the deep web where “laranjas” (oranges in Portuguese, used to denote a tool/card trader) do business to sell the malware or the stolen data.

A hacker asks for help in generating Boletos, a payment method consisting of bank tickets, commonly used in Brazil

While hackers from other countries use malware tools such as Zeus, the uniqueness of the Brazilian hackers is that they develop specific, personalized code for banking fraud. They also find creative ways to use software to access their targets, with the aim of stealing bank accounts. CPL is one of these innovations – a legitimate Windows Control Panel file is being used by cybercriminals to spread banking Trojans targeting Brazilian users.

Cybercriminals send fake emails, using social engineering techniques designed to mislead users. Usually, the email content is presented as a document with a quotation, invoice or receipt, information on a debt or a banking situation, or digital payment instruments used in Brazil, such as Boleto bancário or Electronic tax note, or as files, photographs, videos or similar.

An example of the use of the CPL malware in a phishing email
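As an added illustration (not part of the original post), a mail-gateway style check for the delivery pattern described above: it flags attachments that carry a `.cpl` name, or that start with the Windows executable `MZ` header under a document or image extension. The function names, reason labels, size limit and sample file names are hypothetical, the sample message is constructed, and unpacking ZIP attachments one level deep goes beyond what the post describes.

```python
import email
import email.policy
import io
import zipfile
from email.message import EmailMessage

MAX_MEMBER = 5 * 1024 * 1024  # assumed limit: skip oversized archive members

def inspect(name, data, depth=0):
    """Return (path, reason) findings for one attachment or archive member."""
    findings = []
    if name.lower().endswith(".cpl"):
        # Control Panel applets are loadable Windows modules, not documents.
        findings.append((name, "cpl-extension"))
    elif data[:2] == b"MZ":
        # Executable header hiding behind a document or image extension.
        findings.append((name, "pe-header-mismatch"))
    if depth < 1 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size <= MAX_MEMBER:
                    member = f"{name}!{info.filename}"
                    findings += inspect(member, zf.read(info), depth + 1)
    return findings

def scan_message(raw):
    """Inspect every attachment of a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        findings += inspect(name, part.get_payload(decode=True) or b"")
    return findings

def build_sample():
    """Constructed message: made-up names and placeholder bytes, no real malware."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("Boleto_2014.pdf.cpl", b"MZ" + b"\x00" * 62)
    msg = EmailMessage()
    msg.set_content("Segue em anexo.")
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="nota_fiscal.zip")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="recibo.pdf")
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="image",
                       subtype="jpeg", filename="foto.jpg")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports the `.cpl` member inside the ZIP and the mislabelled `foto.jpg`, and passes over the genuine-looking PDF.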

The fact that Brazil has the highest percentage of online banking users has also contributed to the development of different personalized attacks. As a result, banking Trojans have become the number one threat in Brazilian cybercrime. As previously demonstrated in the Brazilian malware arena, some code writers spread their viruses around the world. The security sector, in this case the banking sector, must be aware of the possible dangers and increase their efforts to protect their clients.

Hackers are World Cup Fans

On May 12, 2014, an AnonGhost member and developer of the new AnonGhost DDoS tool, nicknamed Ali KM, created an event page on Facebook announcing a cyber-campaign against FIFA websites. #OpFIFA will take place between June 10 and 12, 2014.

It is worth mentioning that already in January 2014, hacktivists had created event pages on Facebook threatening to carry out cyberattacks against websites affiliated with the Brazilian Government (hosting the games) and FIFA.

According to Ali KM, the main reason for the #OpFIFA campaign is what they consider FIFA’s humiliating attitude towards Muslim teams. Thus far, approximately 100 Facebook users have joined the event and over 1,000 users have been invited.

Ali KM has promised that if the participants wage successful DDoS attacks against FIFA websites, he will provide them with free HD live streaming from his own servers during the World Cup games.

#OpFIFA Event Page on Facebook

In a related matter, according to cyber security researchers, hackers use FIFA World Cup games to spread different malware. For example, a new backdoor was discovered in a file called Jsc Sport Live + Brazil World Cup 2014 HD.rar. The archive contains an executable file that opens remote access, allowing hackers to gain full control of the victim’s computer. Hackers also spread a purported key generator for cracking football games that actually runs adware on the victim’s computer.

World Cup games are also a useful platform for phishing attempts, such as the one spotted last year, claiming to provide a promotional offer for FIFA World Cup 2014, but which actually tried to steal credit card credentials and personal details of the victims. Security researchers recommend ignoring such links and files and keeping antivirus updated.

Have a great and malware-free World Cup!

Facebook Event against the World Cup in Brazil

A new trend has emerged – Hacktivist campaigns against high-profile sporting events.

Anonymous Caucasus, also known as “The Electronic Army of the Caucasus Emirate”, an Islamist hacker group, has already threatened to carry out cyber attacks before and during the Sochi 2014 Winter Olympic Games.

The next major sporting event is the World Cup, scheduled to take place in June 2014 in Brazil. In recent days Anonymous hackers have launched cyber attacks against Brazilian government websites in protest against the 2014 World Cup.

The hacktivists have also created an event page on Facebook threatening that every Saturday until the beginning of the games on June 12, 2014, they will wage cyber attacks against different websites that are affiliated with the Brazilian government and FIFA, the international governing body of association football.

Thus far, hundreds of people have joined the event and the number of participants will most likely increase over the coming months.

Facebook event against the 2014 World Cup