14 DAY TRIAL // So far, users from Brazil didn’t have to worry about being targeted by notorious pieces of malware such as SpyEye, Zeus, Citadel or Carberp. Until now, Brazilian users have mainly been targeted by the information-stealing Trojan known as Bancos.
However, that might change soon since experts have spotted a post on a local hacker forum advertising some crime kits that haven’t been utilized by Brazilian cybercriminals.
According to Trend Micro Senior Threat Researcher Ranieri Romera, the seller is offering Zeus 3, SpyEye 1.3.48, Citadel 1.3.45, RedKit Exploit Kit, Neutrino Exploit Kit, Sweet Orange Exploit Kit, CrimePack Exploit Kit, and the latest version of Carberp.
The prices for these malicious elements are highly attractive. For instance, ZeuS and CrimePack only cost $175 (134 EUR), and SpyEye and Carberp cost even less.
The same seller also advertises phishing kits for renowned companies such as Bank of America, HSBC, Costa Rican payment processor SCI Liberty Reserve and PayPal. These kits cost only $25 (19 EUR).
Romera believes that we might see a mix of the two threats in the near future.
“The first wave of attacks may be malicious webinjects targeting Brazilian banks. The second wave we can divide into two: Bancos variants may start to use part of the code from kits to steal data; alternately the imported botnets may start using the modules needed to bypass the security of Brazilian banks,” he explained.
The migration of these well-known threats to Brazil will likely result in the fact that both the botnets and the BANCOS malware will become more efficient in stealing information and money.
“A side effect is we expect to find more botnets active in Brazil, which may even end up forking to create versions that are specifically targeted at Brazilian users,” the expert noted.