Despite the 2016 Olympics coming to a close, cybercriminals remain relentless in using the sporting event as a social engineering hook to distribute a banking Trojan. Earlier this month, we spotted a phishing campaign that led victims to unknowingly download the Banker malware. Although Banker has been in the wild for years, this time we see it using a dynamic-link library (DLL) with malicious exported functions. One of the exported functions checks whether the victimized system is located in Brazil. If the geolocation points to Brazil, then another malicious file is downloaded. This new routine suggests that the cybercriminals intend to ride on the popularity of the Olympics to lure users. Apart from Banker, there are reports indicating that other banking Trojans are doing the same thing. For instance, Sphinx ZeuS has enhanced its capabilities because of the Olympics.
Ransomware has become such a big income earner for cybercriminals that every bad guy wants a piece of the pie. The result? More tech-savvy criminals are offering their services to newbies and cybercriminal wannabes in the form of do-it-yourself (DIY) kits: ransomware as a service (RaaS).
Staple product offerings like online banking Trojans and tutorials for aspiring cybercriminals are still being peddled in the Brazilian underground market. While old crimeware remains the same, we observed that these young and brazen cybercriminals (two words that aptly describe the Brazilian cybercriminals of today) have switched communication platforms. After the temporary shutdown of WhatsApp last December, cybercriminals changed messaging tools to avoid unwanted attention from law enforcement agencies. Although this shift may be coincidental, the secure messaging features of Telegram, a cloud-based messenger similar to WhatsApp, may make it ripe for abuse.
With Brazil a known banking Trojan center, it’s not surprising when its cybercriminals launch what could be considered “banking Trojans as a service.” In this particular case, a skilled cybercriminal started offering a fully functional banking Trojan and its associated infrastructure for rent, to be used by less-skilled crooks.
This particular threat caught our eye because of its ad, which included demonstration videos on YouTube. Its creator, “Ric”, offers the services of this particular banking Trojan for rent, which costs approximately US$600 for a 10-day period. The service includes a comprehensive, highly capable, and well-designed console, as well as the capability to bypass additional authentication steps used by banks in Brazil.
During our research into the underground black markets of the world, we keep stumbling upon interesting finds or detecting aspects that make these regional ecosystems unique and interesting. We’d earlier observed that the Brazilian underground (as covered in our initial report titled The Brazilian Underground Market: The Market for Cybercriminal Wannabes?) was catching up to…