• Trend Micro
  • About TrendLabs Security Intelligence Blog

Localized Tools and Services, Prominent in the Brazilian Underground

  • Posted on: November 18, 2014 at 5:00 am
  • Posted in: Malware
  • Author: Fernando Mercês (Senior Threat Researcher)

In our monitoring of the global threat landscape, we have noticed that countries are sometimes associated with a particular cybercriminal activity. One classic example is Brazil, which is known for its association with banking malware. As we noted in a previous blog entry, “[O]nline banking theft is especially rampant in the country, whose history of hyperinflation has once led to an early adoption of online financial systems and a large online banking community.” However, we felt that something was missing. What would explain the growth of these activities in Brazil?

Several factors may have contributed to this growth. For example, Brazil lacks concrete laws that address cybercrime, and its law enforcement agencies have limited resources to deal with it. Additionally, the technological and consumer landscape in Brazil, which has a 50% Internet penetration rate and a 69% credit card penetration rate, has made the country all too appealing for cybercriminals.

However, another factor may also have contributed to Brazilian cybercrime: the existence of a flexible underground market with different offerings, ranging from banking Trojan development to online fraud training. The latter is highly notable, as it is the most distinctive item in this market and may not be found in other underground markets.

In Brazil, it’s possible to start a new career in cybercrime armed with only US$500. Would-be cybercriminals are supported and helped by tools, forums, and experts from the dark side of the Internet. These bad guys do not fear the authorities and their groups get bigger in a short span of time.

These criminals use a wide array of tools and services for their communication. These include IRC channels, Deep Web forums, and private servers. Social networks and encrypted text chat software, including those for mobile, are also heavily used by the bad guys. In short, cybercrime communication is made easy, which makes law enforcement efforts more difficult.


Figure 1. A sample post in an underground forum, translates to “Can anyone help me with credit card stealing? I’d like to start working on this.”

Our paper, “The Brazilian Underground Market: The Market for Cybercriminal Wannabes?,” discusses at length the tools and services sold in the Brazilian black market. The paper also talks about the characteristics that set it apart from other underground markets. For example, Russian and Chinese cybercriminals hide in the deep recesses of the Web and use tools that ordinary users do not, such as Internet Relay Chat (IRC) channels. Meanwhile, Brazilian cybercrooks use more popular means like Facebook, YouTube, Twitter, Skype, and WhatsApp for organizing and advertising.

Another key feature of Brazilian online threats is that they mostly target local victims. These threats are developed locally, sold to local criminals, and used to target fellow Brazilians. Because of this ‘localization’, there is no good way to get threat intelligence unless we immerse ourselves in the Brazilian landscape.

By providing information on the kinds of threats or attacks offered by the Brazilian underground, we hope to help companies and users to defend themselves. We also aim to help law enforcement agencies and researchers get intelligence on cybercrime operations.

This is part of the Cybercrime Underground Economy Series of papers, which take a comprehensive view of various cybercrime markets from around the world.

Tags: banking malware, Brazil, Brazilian cybercriminal underground, CUES, cybercrime, Cybercrime Underground Economy Series, underground