Amid the bustle of World Cup 2014 in Brazil, attackers have also kept themselves busy by targeting the Boleto payment system, one of the most widely used payment methods in Brazil, and siphoning off millions to billions of dollars.
Researchers from RSA Security disclosed the fraud operation, which involves hundreds of thousands of financial transactions and has cost bank account holders their money to cyber criminals.
The attacks target Boleto Bancario, a financial document that banks issue to clients for transactions such as bill payments and other liabilities. Boletos come in printed or electronic form and carry a bar code, the bar code's identification line and an identification number.
RSA said the Boleto fraud has actually been operating for two years. It originally targeted offline payment transactions but has over the years evolved into an electronic form as its creators added increasingly sophisticated features.
The malware now runs in Chrome, Firefox and Internet Explorer as a man-in-the-browser (MitB) attack that exploits weaknesses in computers running any version of the Windows operating system. Boleto payments are redirected to a money mule account without the user's knowledge.
The most alarming aspect of the attack is its stealth: it cannot be seen by the user or detected by Web security tools. According to RSA, nearly 500,000 fraudulent Boleto transactions have been recorded since 2012, with stolen money totaling nearly $4 billion.
Compared with other international cyber crime groups, the Boleto operation is relatively limited in scale, though the malware has spread widely across Brazil's financial institutions and cyber criminals are finding it increasingly profitable.
The malware used in the Boleto fraud combines techniques from other malware, so it is a derivative rather than something novel. Its distinguishing feature is its MitB nature, which makes it hard for ordinary anti-malware software to detect.
This is particularly so because the fraud relies on the unique ID number fields, which have no link to the payee and are usually disregarded as insignificant. The malware is further hard to detect because the fraudulent transactions originate from the computers of the customers who make the Boleto payments, according to RSA.
It is also notable that the Boleto malware affects only Windows-based online payment transactions, indicating that it has infected browsers only on Microsoft's operating system.
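As an added example, not code from RSA's report or from this article: a defender-side check for the boleto identification line that the MitB malware tampers with. It assumes the public Febraban typeable-line layout (47 digits, three mod-10 field check digits and one mod-11 general check digit) and a constructed sample line; the issuing system recomputes the check digits and compares the line shown to the user against the one it actually generated.

```python
# Added example (not from the article): validate a boleto "linha digitavel"
# (47-digit typeable line) and flag a displayed copy that no longer matches
# what the issuer generated. Field layout and check-digit rules follow the
# public Febraban bank-boleto standard; the sample values are constructed.

def mod10(digits: str) -> int:
    """Field check digit: weights 2,1,2,1,... from the right; products
    above 9 have their two digits summed (18 -> 9, 12 -> 3)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        prod = int(ch) * (2 if i % 2 == 0 else 1)
        total += prod - 9 if prod > 9 else prod
    return (10 - total % 10) % 10

def mod11(digits: str) -> int:
    """General check digit over the 43 barcode digits (DV position removed):
    weights 2..9 cycling from the right; results 0, 10 and 11 become 1."""
    total = sum(int(ch) * (2 + i % 8) for i, ch in enumerate(reversed(digits)))
    dv = 11 - total % 11
    return 1 if dv in (0, 10, 11) else dv

def build_line(bank: str, currency: str, factor: str, value: str, free: str) -> str:
    """Assemble the typeable line from barcode parts (lengths 3,1,4,10,25)."""
    if len(bank + currency + factor + value + free) != 43:
        raise ValueError("barcode parts must total 43 digits")
    f1, f2, f3 = bank + currency + free[:5], free[5:15], free[15:25]
    general = mod11(bank + currency + factor + value + free)
    return f"{f1}{mod10(f1)}{f2}{mod10(f2)}{f3}{mod10(f3)}{general}{factor}{value}"

def line_is_valid(line: str) -> bool:
    """Recompute every check digit; any single altered digit breaks one."""
    if len(line) != 47 or not line.isdigit():
        return False
    f1, f2, f3 = line[0:10], line[10:21], line[21:32]
    general, factor_value = int(line[32]), line[33:47]
    free = f1[4:9] + f2[:10] + f3[:10]          # the 25-digit free field
    barcode43 = f1[:4] + factor_value + free     # bank+currency, factor, value, free
    return (mod10(f1[:9]) == int(f1[9]) and mod10(f2[:10]) == int(f2[10])
            and mod10(f3[:10]) == int(f3[10]) and mod11(barcode43) == general)

def matches_issuer(shown: str, expected: str) -> bool:
    """Check digits only catch corruption: a mule line that is itself well
    formed passes them, so the real control is equality with the line the
    issuer generated (the malware keeps the amount and swaps payee fields)."""
    return line_is_valid(shown) and shown == expected

if __name__ == "__main__":
    issued = build_line("001", "9", "9000", "0000012345", "1234567890123456789012345")
    print(issued, line_is_valid(issued), matches_issuer(issued, issued))
```

The comparison has to run where the malware cannot rewrite it (the issuer's server or the bank's own records), since a MitB component can alter anything the browser renders.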