Traditionally, Brazil is known for being the home of BANCOS, which steals the banking information of users and is generally limited to the Latin American region. Other banking Trojans like ZeuS, SpyEye, and CARBERP, which are common in other regions, are not traditionally used by Brazilian cybercriminals and not aimed at Brazilian users either.
However, that might be changing. In a local hacker forum, we saw a post where somebody was selling some rather well-known malware kits:
- Zeus version 3
- SpyEye version 1.3.48
- Citadel version 1.3.45
- Carberp (“last version with all resources”)
- CrimePack Exploit kit version 3.1.3 (leaked version)
- Sweet Orange exploit kit version 1.0
- Neutrino exploit kit
- Redkit exploit kit
In addition, if an interested buyer purchases any of the kits listed above, he will also get the kit for SpyEye version 1.3.45 for free.
Figure 1. Screenshot of the online ad
It’s worth noting too that the prices posted are extraordinarily attractive. For Zeus and CrimePack, a potential buyer needs only to shell out 350 Brazilian reais (175 US dollars) each. SpyEye and Carberp cost around 150 reais (75 US dollars), while a Citadel kit costs 100 reais (50 US dollars).
In a later update, the guy also advertised that he had some phishing scam kits too. The targets include well-known entities like PayPal, Bank of America, HSBC and SCI Liberty Reverse (a Costa Rica-based payment processor) and only costs 50 reais (25 US dollars) per kit.
Figure 2. Updated advertising phishing kits