World Cup Brazil 2014: How cybercriminals are looking to score
by Fabio Assolini - Malware Analyst, Global Research and Analysis Team, Latin America, Kaspersky Lab - Tuesday, 10 June 2014.
PoS devices are very common in Brazil; in fact, credit cards are the preferred way to buy goods. As a result, cybercriminals look to take advantage. One way they accomplish this is when people hand over their cards to the staff in restaurants and stores. Criminals can easily clone the card behind closed doors without the patron seeing.

Another way Brazilian cybercriminals are cloning credit cards is through malware. They export PoS malware from Eastern Europe and use it locally, to infect machines and sniff credit card numbers. One example is the “Chupa Cabra malware”, Trojan-Spy.Win32.SPSniffer, a malware family with several variants developed in Brazil and seen in the wild since 2010.

This Trojan affects PoS and PIN pad devices, both of which are very common in the country. The Trojan infects the computer and sniffs the data transmitted through a USB or serial ports. Usually PIN pads are equipped with security features to ensure that security keys are erased if a device is tampered with. However, Track 1 data (credit card numbers, expiration dates, service code and CVV) and the public CHIP data aren’t encrypted in the hardware of old and outdated devices. Capturing this data is enough to clone a credit card. Although operators are aware of the problem, the continued emergence of new variants of this malware allows these attacks to remain effective.

ATM skimmers and jackpot malware

Brazil is among the countries that has most ATMs worldwide, according to the World Bank. So there are more than 160,000 opportunities for fraudsters to install a skimmer (also known as “Chupa Cabra devices”). Most skimmers can be foiled by covering the key pad with a person’s hand while entering a PIN, but there are some who take skimming to a whole new level and install an entirely fake ATM.

Another interesting trend in Brazil and Latin America is “jackpot” malware, such as Ploutus in Mexico. In these cases, cybercriminals infect the ATM using a USB stick and the malware makes it possible to remove all the money from that ATM.

Whether you are planning to travel to Brazil for the World Cup or follow it online, your best protection is a keen eye – don’t trust any messages you receive, and double-check before clicking links. Never accept or ask for help from strangers when using ATMs, even if they don’t look suspicious, and wherever possible try to pay using a wireless PoS device – they’re a bit more secure than the older ones connected to serial or USB ports.

Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //