A cybercrime ring may have stolen nearly $4bn from more than 192,000 accounts over a two-year period using malware to intercept Brazilian online payment system Boleto, according to a paper published by RSA.
The malware has only been found through Boleto transactions processed on PCs running Microsoft Corp’s Windows software.
Go deeper with GlobalData
The members of the cybercrime ring were using a program known as ‘Eupuds’, which re-directed funds from Brazil’s Boleto Bancário online payment system.
The paper says that the malware fraud could have affected at least 34 different bank brands in Brazil.
RSA said they believe the operation, which may have begun as early as late 2012, is still going on. It has already handed over fraudulent Boleto ID numbers and attack characteristics to the FBI and Brazil’s federal police.
A representative for Brazilian banking association FEBRABAN declined to comment on the report, saying the group was not granted access to its content.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalData
