Cyber crooks may have stolen billions in Brazilian online payments

Cyber criminals may have stolen billions of dollars from a popular Brazilian online payment system using malicious software that caused the funds to be sent to accounts controlled by fraudsters, according to a research report released Wednesday.

EMC Corp's RSA Security said cyber criminals have been using software known as "Eupuds" to steal funds from customers of Brazil's widely used Boleto Bancário payment system, redirecting them to fraudulent accounts.

RSA estimates that fraudsters sought to siphon off as much as 8.6 billion reais (S$4.87 billion) from more than 192,000 accounts, though the actual amount stolen could be less because researchers were unable to confirm which Boletos were actually paid out.

They said they believe the operation is still ongoing and have offered to help Brazilian authorities crack down on the operation, which may have begun as early as late 2012. RSA said it met with members of Febraban, the group that represents the banking industry in Brazil.

A representative for Febraban declined to comment on the report, saying the group was not granted access to its content.

The malware currently only targets Boleto transactions processed on PCs running Microsoft Corp's Windows software.

"We're concerned that the attackers will be able to develop the malware for other platforms," said Jason Rader, director of cyber threat intelligence with RSA. "These attackers have online and offline techniques, and they've understood vulnerabilities in these operating systems."

Brazilians use Boletos to process online payments for items including utility bills, rent, online purchases and small business transactions.

When a computer infected with the "Eupuds" software is used to process a Boleto payment, it is very difficult for the customer to detect that the account has been modified because the validation screens often display the original inputs to make the fraudulent Boleto look authentic, according to RSA.
