RSA: Malware Gangs Make Billions With Wire Transfers in Brazil
Investigators from security firm RSA say a gang targeting Brazil’s online payment system Boleto has earned an estimated $2.75 billion in two years. The gang makes extensive use of malware.
RSA Research says its investigations have revealed a sophisticated gang specifically targeting Boleto, a popular online payment method in Brazil. The criminals have developed malware that embeds itself in Firefox, Internet Explorer and Chrome on Windows. This ‘bolware’ can disable any security plug-ins supplied by the banks and manipulates Boleto transactions so that the payee’s account number is changed. The transaction amount is often left untouched to reduce the chance of discovery.
Researchers at RSA Research have discovered that a bolware gang, using 8,095 of its own Boleto accounts, has manipulated nearly half a million transactions in the past two years. By a rough estimate, the criminals obtained 3.75 billion dollars, or 2.75 billion euros. RSA further estimates that more than 192,000 Windows systems have been infected with the bolware. In addition, the malware scans infected PCs for credentials and then sends spam to the victim’s stolen contact list.
Security blog Krebs on Security has gained insight into the activities of another Boleto gang operating in Brazil. Screenshots from the botnet admin panel show that this gang focuses on manipulating relatively small transactions, but that it managed to earn around 180,000 euros in five months.
Brazilians who want to carry out secure Boleto transactions are advised to use the banks’ mobile apps for the time being. The gangs have not yet succeeded in using malware on a mobile phone to manipulate the barcodes used in Boleto transactions.