Industry News

Brazilian Boleto Thieves Stole $3.75B in transactions, RSA Reports

Brazilian Boleto Thieves Stole $3.75B in transactions, RSA Reports

Brazilian Boleto Thieves Stole $3.75B in transactions, RSA ReportsWith all eyes on the 2014 FIFA World Cup, a gang of cyber-thieves has compromised around 500,000 transactions in Boletos, a popular payment method used in Brazil for online payments, according to security researcher Brian Krebs.

Brazilian Boletos are used as an alternative to credit cards to complete online purchases via a bank’s Web site. Unlike credit cards, payments made via Boletos cannot be disputed and can only be reverted by bank transfer.

The “Bolware” operation affects more than 30 different banks in Brazil and “may be responsible for up to $3.75 billion USD in losses,” the RSA estimated after discovering a botnet control panel that recorded nearly a half-million fraudulent transactions.

Brazilian banks require users to install a browser plugin which secures their transactions. However, the malware implanted by the attackers successfully disables the security plugin and performs a man-in-the-middle attack to redirect funds to some 8,000 mule accounts, the report said.

Attackers also harvest usernames and passwords to spread malicious spam to the victims’ contacts. As a result, more than 192,000 PCs have been infected and at least 83,000 sets of user credentials were stolen.

RSA researchers recommend using a mobile device to manage this type of transactions, as it is not known to be vulnerable.

“As the malware does not alter the barcode (for now), the safest approach is to use mobile banking applications available on smart phones (for now, immune to this malware) to read the barcode and to make payments,” the company said in its report.


About the author

Alexandra GHEORGHE

Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs. She has since wielded her background in PR and marketing communications to translate binary code to colorful stories that have been known to wear out readers' mouse scrolls. Alexandra is also a social media enthusiast who 'likes' only what she likes and LOLs only when she laughs out loud.