Brazilian whacks: as economy tanks, cyber-crooks samba

Public boasting and n00b-friendly training colour underground forums

Brazil's economy may be hurtling towards recession but its online criminal underground is booming with wannabe hackers and carders racing to get a cut, research finds.

Trend Micro's work is the latest in a series of papers it has published in recent months that examine regional online crime economies including North America, Japan, China, Russia, and Germany.

The South American nation has had an "influx" of new criminals to its online communities who shirk anonymity when draining user bank accounts with malware and openly boast of their success.

These include developers looking for money in the country's bludgeoned economy. A chap called "Lord Fenix" is perhaps king of the new breed of crooks, having written 100 trojans as of last year starting off in high-school and still active in his early twenties.

"The fastest route to cybercriminal superstardom can be found in Latin America, particularly in Brazil," Trend Micro forward-looking threat team says (PDF).

"And given that cybercriminal activities are not as heavily penalized in Brazil as in other regions like North America, Brazilian cybercriminals publicly promote their operations.

"Cybercriminals in Brazil are quite brazen [and] don’t care if law enforcement agencies see their names posted online in relation to illegal activities."

Brazilian Lord Fenix boasts of his malware success on Facebook, 2013.

Guides and entire three-month long training courses are available to help n00bs enter Brazil's online crime communities. Students shelling out the $70 fee will learn to pop databases, setup botnets and malware, and how to handle end-to-end credit card theft including cashing out.

Intermediate VXers with US$50 TO HAND can learn how to build crypters, critical to hiding malware from anti-virus systems.

Mature phishing, DNS changer, and keylogging malware are also on offer across Brazil's crime forums.

Fraudsters can bypass all of this however and pay less than $150 for a fortnight's access to hacked banking shopping panels that proffer up to 70 credit cards a day.

It is not all bank malware; criminal personal information search services are on offer, as are counterfeit goods, diplomas, ATM and point of sales skimmer hardware, and localised ransomware.

The search services claim to have access to vehicle licence plates and possibly the nation's health card system.

Malicious Android apps are an emergent and booming avenue of online criminal money-making, thanks in large part to Brazil's 142 percent mobile penetration rate. ®




Biting the hand that feeds IT © 1998–2019