World Cup Brazil 2014: How cybercriminals are looking to score
by Fabio Assolini - Malware Analyst, Global Research and Analysis Team, Latin America, Kaspersky Lab - Tuesday, 10 June 2014.
PoS devices are very common in Brazil; in fact, credit cards are the preferred way to buy goods. As a result, cybercriminals look to take advantage. One way they accomplish this is when people hand over their cards to the staff in restaurants and stores. Criminals can easily clone the card behind closed doors without the patron seeing.

Another way Brazilian cybercriminals are cloning credit cards is through malware. They export PoS malware from Eastern Europe and use it locally, to infect machines and sniff credit card numbers. One example is the “Chupa Cabra malware”, Trojan-Spy.Win32.SPSniffer, a malware family with several variants developed in Brazil and seen in the wild since 2010.

This Trojan affects PoS and PIN pad devices, both of which are very common in the country. The Trojan infects the computer and sniffs the data transmitted through a USB or serial ports. Usually PIN pads are equipped with security features to ensure that security keys are erased if a device is tampered with. However, Track 1 data (credit card numbers, expiration dates, service code and CVV) and the public CHIP data aren’t encrypted in the hardware of old and outdated devices. Capturing this data is enough to clone a credit card. Although operators are aware of the problem, the continued emergence of new variants of this malware allows these attacks to remain effective.

ATM skimmers and jackpot malware

Brazil is among the countries that has most ATMs worldwide, according to the World Bank. So there are more than 160,000 opportunities for fraudsters to install a skimmer (also known as “Chupa Cabra devices”). Most skimmers can be foiled by covering the key pad with a person’s hand while entering a PIN, but there are some who take skimming to a whole new level and install an entirely fake ATM.

Another interesting trend in Brazil and Latin America is “jackpot” malware, such as Ploutus in Mexico. In these cases, cybercriminals infect the ATM using a USB stick and the malware makes it possible to remove all the money from that ATM.

Whether you are planning to travel to Brazil for the World Cup or follow it online, your best protection is a keen eye – don’t trust any messages you receive, and double-check before clicking links. Never accept or ask for help from strangers when using ATMs, even if they don’t look suspicious, and wherever possible try to pay using a wireless PoS device – they’re a bit more secure than the older ones connected to serial or USB ports.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Feb 8th