Brazilian Boleto Thieves Stole $3.75B in transactions, RSA Reports
With all eyes on the 2014 FIFA World Cup, a gang of cyber-thieves has compromised around 500,000 transactions in Boletos, a popular payment method used in Brazil for online payments, according to security researcher Brian Krebs.
Brazilian Boletos are used as an alternative to credit cards to complete online purchases via a bank’s Web site. Unlike credit cards, payments made via Boletos cannot be disputed and can only be reverted by bank transfer.
The “Bolware” operation affects more than 30 different banks in Brazil and “may be responsible for up to $3.75 billion USD in losses,” the RSA estimated after discovering a botnet control panel that recorded nearly a half-million fraudulent transactions.
Brazilian banks require users to install a browser plugin which secures their transactions. However, the malware implanted by the attackers successfully disables the security plugin and performs a man-in-the-middle attack to redirect funds to some 8,000 mule accounts, the report said.
Attackers also harvest usernames and passwords to spread malicious spam to the victims’ contacts. As a result, more than 192,000 PCs have been infected and at least 83,000 sets of user credentials were stolen.
RSA researchers recommend using a mobile device to manage this type of transactions, as it is not known to be vulnerable.
“As the malware does not alter the barcode (for now), the safest approach is to use mobile banking applications available on smart phones (for now, immune to this malware) to read the barcode and to make payments,” the company said in its report.