Another way Brazilian cybercriminals are cloning credit cards is through malware. They export PoS malware from Eastern Europe and use it locally, to infect machines and sniff credit card numbers. One example is the “Chupa Cabra malware”, Trojan-Spy.Win32.SPSniffer, a malware family with several variants developed in Brazil and seen in the wild since 2010.
This Trojan affects PoS and PIN pad devices, both of which are very common in the country. The Trojan infects the computer and sniffs the data transmitted through a USB or serial ports. Usually PIN pads are equipped with security features to ensure that security keys are erased if a device is tampered with. However, Track 1 data (credit card numbers, expiration dates, service code and CVV) and the public CHIP data aren’t encrypted in the hardware of old and outdated devices. Capturing this data is enough to clone a credit card. Although operators are aware of the problem, the continued emergence of new variants of this malware allows these attacks to remain effective.
ATM skimmers and jackpot malware
Brazil is among the countries that has most ATMs worldwide, according to the World Bank. So there are more than 160,000 opportunities for fraudsters to install a skimmer (also known as “Chupa Cabra devices”). Most skimmers can be foiled by covering the key pad with a person’s hand while entering a PIN, but there are some who take skimming to a whole new level and install an entirely fake ATM.
Another interesting trend in Brazil and Latin America is “jackpot” malware, such as Ploutus in Mexico. In these cases, cybercriminals infect the ATM using a USB stick and the malware makes it possible to remove all the money from that ATM.
Whether you are planning to travel to Brazil for the World Cup or follow it online, your best protection is a keen eye – don’t trust any messages you receive, and double-check before clicking links. Never accept or ask for help from strangers when using ATMs, even if they don’t look suspicious, and wherever possible try to pay using a wireless PoS device – they’re a bit more secure than the older ones connected to serial or USB ports.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.