Boleto malware may lose Brazil $3.75bn

Hacker Image copyright Thinkstock
Image caption Hackers may have pocketed $3.75 Billion

Researchers from an American security company have unearthed a substantial malware-based fraud ring.

The operation has infiltrated one of Brazil's most popular payment methods, Boleto, for two years.

An estimated 495,753 Boleto transactions have been compromised, which means the hackers could have stolen up to $3.75bn (£2.18bn).

Researchers say it is not known whether the fraudsters were successful in collecting on all of the transactions.

Boleto Bancario allows an individual to pay an exact amount to a merchant and can be used for almost every kind of transaction, from the weekly shop to phone bills.

Boletos can be used and generated both online for electric transfers and offline with printed paper.

The attack has been described by US-based security company RSA, a division of data storage corporation EMC, as "a major fraud operation and a serious cybercrime threat to banks, merchants and banking customers in Brazil".

It is not clear how much has been stolen or whether all the funds were successfully redirected to fraudster-controlled bank accounts.

However, this will have been the largest electronic theft in history if even half of the valued worth turns out to be in the hands of criminals, according to the New York Times.

The number of infected PCs totals 192,227 - an additional 83,506 email user credentials have also been stolen.

Known colloquially as a man-in-the-browser threat, the malware silently injects itself into users' web browsers after hackers have initially tricked individuals into clicking malicious links in seemingly ordinary looking emails. This is similar in principle to phishing scams.

Once the malware is in the browser, fraudsters can begin to intercept and alter Boleto details. This activity is invisible to the user.

"Because of its stealth capabilities, end-users also have little chance of detecting Boleto fraud on their own," said RSA researchers.

Google's Chrome, Mozilla's Firefox and Microsoft's Internet Explorer are all vulnerable to the attack.

'A serious impact'

"Brazil has long been a hotbed of cybercrime, and although we don't know exactly what financial impact may have been caused by this sophisticated attack it's possible that different factors might have helped the hackers get away with it," said computer security analyst Graham Cluley.

"Sadly Brazilian computers aren't always necessarily running the very latest anti-virus software, and because Boletos aren't used outside of Brazil it might have made security companies less vigilant about the threat."

Boletos are the second most popular payment method in Brazil, responsible for an estimated 18% of all purchases during 2012.

"Such attacks will have a serious impact on the confidence we place in increasingly common digital payment methods," warned Dr Andrew Rogoyski, chair of techUK cyber-security group.

Mr Cluley advises users to "be cautious about opening unsolicited email attachments or clicking on unknown links, and keep your computer updated with security patches and the latest anti-virus".

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites