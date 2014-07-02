(Repeats for wider distribution)
By Michael Leibel
July 2 Cyber criminals may have stolen billions
of dollars from a popular Brazilian online payment system using
malicious software that caused the funds to be sent to accounts
controlled by fraudsters, according to a research report
released Wednesday.
EMC Corp's RSA Security said cyber criminals have
been using software known as "Eupuds" to steal funds from
customers of Brazil's widely used Boleto Bancário payment
system, redirecting them to fraudulent accounts.
RSA estimates that fraudsters sought to siphon off as much
as 8.6 billion reais ($3.9 billion) from more than 192,000
accounts, though the actual amount stolen could be less because
researchers were unable to confirm which Boletos were actually
paid out.
They said they believe the operation is still ongoing and
have offered to help Brazilian authorities crack down on the
operation, which may have begun as early as late 2012. RSA said
it met with members of Febraban, the group that represents the
banking industry in Brazil.
A representative for Febraban declined to comment on the
report, saying the group was not granted access to its content.
The malware currently only targets Boleto transactions
processed on PCs running Microsoft Corp's Windows
software.
"We're concerned that the attackers will be able to develop
the malware for other platforms," said Jason Rader, director of
cyber threat intelligence with RSA. "These attackers have online
and offline techniques, and they've understood vulnerabilities
in these operating systems."
Brazilians use Boletos to process online payments for items
including utility bills, rent, online purchases and small
business transactions.
When a computer infected with the "Eupuds" software is used
to process a Boleto payment, it is very difficult for the
customer to detect that the account has been modified because
the validation screens often display the original inputs to make
the fraudulent Boleto look authentic, according to RSA.
(Reporting by Michael Leibel in New York; Additional Reporting
by Guillermo Parra-Bernal in Sao Paulo; editing by Jim Finkle
and Andrew Hay)