Brazilian

Cybercrime International, Ltd.

As the criminals join forces “intercontinentally” to improve their crimeware together, businesses and LEAs should work together as well. Cybersecurity is everybody’s business – today more, perhaps, than ever.

Yuri Ilyin
April 8, 2016

Kaspersky Lab experts have conducted extensive research on LatAm (specifically, Brazilian) and Russian cybercrime circles, and the recent discoveries show that these “bad guys” started cooperating for mutual benefit – and for increased risks for their potential victims.

According to Securelist’s Thiago Marques, Brazilian malware continues to evolve day by day, making it increasingly sophisticated, even though until recently it has been rather simple. Analyzing and detecting it wasn’t much of a chore “due to no obfuscation, no anti-debugging technique, no encryption, plain-text only communication, etc.”

Cybercrime International, Ltd. #cybercrime
Tweet

The picture has changed, however. Brazilian and Russian-speaking criminals have established a system of cooperation in recent years, with the former seeking out samples on Russian underground forums, buying new crimeware and ATM/PoS malware, or offering their own services. Brazilian malware, in turn, has become much more of a problem for victims and security researchers, as the new techniques of detection avoidance, code obfuscation, root and bootkit functions have arrived. These technologies, Kaspersky Lab experts said, were developed in the Russian cyberunderground.

The trade is two-way; the cooperation helped speed up malware evolution.

Not only has a cooperation system been established, but also Brazilian and Russian cybercrooks now share the same malicious infrastructure.

For example, a few months after an alleged Russian banking Trojan family (Crishi) started using an algorithm that generated domains in abuse-resistant hosting in Ukraine, Brazilian criminals behind the infamous Boleto malware campaigns also started using the very same infrastructure.

“Without some form of cooperation between the Boleto actors and those behind the domain-generating algorithm, it would have been impossible to make identification of command and control servers more difficult for researchers and law enforcement agencies”, Kaspersky Lab reports.

#Cybersecurity is everybody’s business – today more, perhaps, than ever.
Tweet

Malware evolution is something that may make individual users and businesses more likely to become victims of cyberattacks. International cooperation of cybercriminals “per se” doesn’t matter much: after all, crime doesn’t have borders.

But as the criminals join forces “intercontinentally” to improve their crimeware together, businesses and LEAs should work together as well. Cybersecurity is everybody’s business – today more, perhaps, than ever.

Tip of the week: free Safari from ad banners

Are you fed up with ad banners and popups, plaguing your iPhone? Install Kaspersky AdCleaner and clean your Safari from ads forever.

Privacy & Kids

TARGETED SECURITY SOLUTIONS

Industries

Cybercrime International, Ltd.

An unusual method of stealing data from surveillance cameras

Residential proxies: understanding the risks for organizations

Tip of the week: free Safari from ad banners

Tips

Advertisers sharing data about you with… intelligence agencies

Watch the (verified) birdie, or new ways to recognize fakes

Switching to Kaspersky: a step-by-step migration guide

Is it the boss – or is it a fraudster? Scams disguised as urgent orders from top brass

Sign up to receive our headlines in your inbox

Home Products

Small Business Products

Medium Business Products

Enterprise Solutions

Securelist

Eugene Personal Blog

Encyclopedia