Criminals in Brazil celebrate card cloning with funk on YouTube

In addition to leading all malware rankings in Latin America, Brazil is also the country with the most cases of credit card cloning at points of sale in the region. With 77.37% of all such attacks, it is followed at a distance by Mexico, with only 11.60%. In Brazil, which stands out among Latin American countries for this type of scam, it is still common to see criminals publicly celebrating their crimes with funk songs and videos on YouTube. The details come from Fábio Assolini, an analyst at Kaspersky in Brazil.

Kaspersky – Photo: Melissa Cruz / dnetc

The certainty of impunity is so great that, on YouTube, it is common to find music videos that condone the crime of card cloning. In the lyrics, groups celebrate the scam and the fact that, with cloned cards, they can buy whatever they want. A simple search for «cloned card» reveals the videos. The activity usually constitutes conspiracy, since several actors are involved in carrying it out, from installing the malware to reselling the data.

«Usually the malware developer, the brains behind the scam, does not expose himself until the end of the fraud, collecting and selling credit card data, for example. There are always other people involved,» explains Assolini.

At the end of the lecture, Assolini, who revealed that he had already been a victim of the card cloning scam himself, showed the videos of «Bonde do Cartão Clonado». Without any ceremony, young people show their faces, nicknames and photos of the cloned cards and of purchases made with the stolen data. The analyst further explained that, almost always, the credit card company discovers the fraud after receiving a flood of complaints, chargeback requests on the bill and cancellations.

More than 1,000 attacks at points of sale

During Kaspersky’s 7th Latin American Security Analysts Summit in Buenos Aires, Argentina, researchers at the antivirus company revealed that there are more than 40 malware families targeting points of sale. To give you an idea, between 2015 and 2016 the security company registered more than 1,300 attacks. In that two-year period, hackers cloned cards using the Dexter malware, which is freely available as open source. The number reached 1,000 attacks in the first eight months of 2017 alone. This time, the attackers used the NeutrinoPOS malware, which is also used in denial-of-service (DDoS) attacks.

“The losses caused to banks by cloned cards can reach millions a year and hackers are constantly creating new versions. As a result of the cloning, the criminals resell the information on the cards that were cloned in the underground market,” adds the Brazilian specialist.

Attackers use a type of malware built for PoS (point-of-sale) systems, which affects credit card readers and cash registers. Installation is usually manual: either the criminal has access to the computer on which the transaction takes place or, posing as a legitimate representative of the card machine company, swaps the machines for tampered ones.

Credit card cloning

Most common methods in Latin America:

  • Adulterated payment machines (PINPads)
  • Fake ATM (adulterated ATM)
  • Social engineering (photos and cards online)
  • Phishing (data request by email)
  • Malware in POS payment systems

These attacks have been occurring since 2005, when legitimate programs were used to intercept traffic from payment networks that were not encrypted. In recent years, it has been common for the trojan to be installed manually, aimed at transaction machines at gas stations, for example. The solution to this type of attack was to update the firmware of the PINPad-type machines used in Brazil. A family of malware called SP Sniffer, however, was used until 2014, with more than 40 modifications. Currently, card cloning via POS uses code with RAM-scraping functions, which collects important card data that has not yet been encrypted, very quickly and without any visible signs.

In addition, credit cards with a security chip are no longer as secure. A more sophisticated method called a “skimmer” (or “chupa-cabra”) can make copies of data when the card is inserted into a tampered ATM. Or, in some cases, criminals cut the chip out of the card, physically stealing the data.

According to the company, more than 22% of the adult population in the region has at least one credit card and 72% of payment transactions in general are made this way. The way to avoid this crime is to demand greater attention to security from the companies that provide payment services and to follow some simple tips when using your card.

  • When making payments, cover the keypad with your hand when entering your password;
  • Do not allow employees to take your card out of your sight;
  • Choose to withdraw money at bank tellers and avoid withdrawing on the street;
  • Always have more than one card available and always check your statement;
  • Activate purchase notifications via SMS with your bank or card company.

* The journalist traveled at Kaspersky’s invitation