Brazilian cybercriminals are attacking customers of international banks. The discovery was made by Kaspersky’s team of researchers in Latin America and released on Tuesday (14). The experts revealed Tetrade, a set of Trojans Guildma, Grandoreiro, Javali and Melcoz that are able to steal information saved in the browser or in the computer’s memory so that criminals have remote access to the victim’s Internet Banking. In addition to Brazil, the four malicious programs have already reached users in Chile, Mexico, Portugal and Spain.
READ: Internet profiles are impersonating the government and deceive 345,000
According to security experts, at least one of the Trojans appears to be interested in attacks in the United States, China and elsewhere in Latin America. The anti-virus developer said it did not have the number of victims or the amount stolen, as its analysis focuses on the functioning of the malware and that this data could only be ascertained through a police investigation.
Brazilian criminals use Trojans to attack international bank customers – Photo: Rodrigo Fernandes / dnetc
Want to buy cell phones, TV and other discounted products? Discover Compare dnetc
The four trojans act by stealing bank credentials saved in browsers or in the computer’s memory, ensuring remote access to the victim’s Internet Banking. Some of them also steal Bitcoin wallets, replacing the attacked person’s cryptocurrencies with the criminal’s so that the victim doesn’t notice the scam.
Certain modules allow cybercriminals to carry out transactions relating to Internet banking transactions, steal passwords and monitor the clipboard of the hacked device. In certain cases, the attacker is able to carry out fraudulent transactions using the victim’s computer, circumventing security schemes used by banks.
According to Kaspersky, Brazilian criminals have created a professional system to recruit hackers from other countries to collaborate with the theft. They work together on a MaaS («malware as a service», or «malware as a service») system, where server owners give access to a botnet that distributes malware in exchange for payment. These international partners are responsible for the attacks, as well as dealing with the stolen money.
Four tips to protect your information online
To prevent this type of attack from occurring, banks must monitor threats closely, improve authentication procedures and improve anti-fraud technologies. In addition, according to Kaspersky’s recommendations, banking institutions need to provide security teams with updated threat intelligence reports.
For users, the first tip to avoid a Trojan horse is just to download a program or file from a trusted source. It is also important to keep the operating system and browser up to date, as attackers often take advantage of known security holes in these platforms.
In addition, having a firewall running is also essential, as the software can prevent a Trojan from being downloaded to your computer. Naturally, the antimalware program needs to be updated in order for new threats to be detected.