Security firm Trend Micro has identified a 20-year-old Brazilian college student responsible for developing and distributing over 100 Banking Trojans selling each for around US$300.
Known online as 'Lordfenix', 'Hacker's Son' and 'Filho de Hacker', the computer science student first began his career by posting in forums, asking for programming help for a Trojan he was developing, researchers said.
Developed More than 100 Trojans
However, Lordfenix has "grown quite confident in his skills" and began developing and distributing malware tailored to pilfer financial information since at least 2013.
"Based on our research, Lordfenix has created more than 100 different banking Trojans, not including his other malicious tools, since April 2013," Trend Micro says. "With each Trojan costing around R$1,000 (roughly $320), this young cybercriminal channeled his talent in programming into a lucrative, illegal venture."
Trend Micro has also provided an image of the hacker's Facebook wall post (given below) in which the hacker shows a considerable amount of local currency.
Hacker is Offering Free Versions of Banking Trojans
In order to expand his operation, Lordfenix has now begun offering free versions of fully-functional Banking Trojan source code other wanna-be cyber criminals on the underground forum.
Level-Up SaaS Security: A Comprehensive Guide to ITDR and SSPM
Stay ahead with actionable insights on how ITDR identifies and mitigates threats. Learn about the indispensable role of SSPM in ensuring your identity remains unbreachable.Supercharge Your Skills
The free versions of the Trojan can be used to steal login details from customers of four different Brazilian banking websites including HSBC Brazil, Bank of Brazil, and Caixa. For access to other financial institutions, 'clients' have to pay for a more powerful tool, TSPY_BANKER.NJH.
TSPY_BANKER.NJH is a Trojan capable to identify when a user enters any of a target bank's URLs into their browser. The malware then shuts down the browser window (if it is running on Google Chrome), displays an error message, and then opens a fake Chrome window.
Once the victim enters the login details into the fake window, the information is sent back to the attackers address via email.
As an extra precaution, Lordfenix's malware also includes a software program to terminate a security process called GbpSV.exe, which is used by large number of Brazilian banks in an effort to keep their online customer data secure.
Malware Threat to Online Banking is Growing rapidly and countries like Brazil, where almost half of all financial transactions are conducted online, have come up as a boon for hackers.