A deep look into the Brazilian underground cyber-market

Pierluigi Paganini November 20, 2014

Trend Micro has published a new study on black cyber-markets focusing on product and services offered on the Brazilian underground.

Trend Micro has published a new interesting report on the underground cyber-markets, this is a third study focused on the Brazilian cyber-underground offer, the previous ones analyzed Russian and Chinese marketplaces.

The new study, exactly like previous analysis, describes a thriving marketplace where cyber criminals proposes their services and products to criminal crews that instead of creating their own attack tools from scratch could benefit of the competitive offer. The study reports the principal solution and services proposed to the crooks in a model of sale known as crime-as-a-service that is able to attract new actors in the cyber arena.

A first data that immediately catches the attacention of the experts is decrease of prices recently offered, this is a further element of attractive for criminals that look to the cyber crime with increasing interest.

“The barriers to launching cybercrime have decreased. Toolkits are becoming more available and cheaper; some are even offered free of charge. Prices are lower and features are richer. Underground forums are thriving worldwide, particularly in Russia, China, and Brazil. These have become popular means to sell products and services to cybercriminals in the said countries. Cybercriminals are also making use of the Deep Web to sell products and services outside the indexed or searchable World Wide Web, making their online “shops” harder for law enforcement to find and take down.” states the ‘The Brazilian Underground Market’ report.

Another element of distinction between the Brazilian underground and the Russian and Chinese ones, is the availability of training services, for this reason, the Brazilian underground ecosystem is also considered as the market for cybercriminal Wannabes.

“What distinguishes the Brazilian underground from others is the fact that it also offers training services for cybercriminal wannabes,” according to the whitepaper. “Cybercriminals in Brazil particularly offer FUD (fully undetectable) crypter programming and fraud training by selling how-to videos and providing support services via Skype. Anyone who is Internet savvy and has basic computing knowledge and skill can avail of training services to become cybercriminals. How-to videos and forums where they can exchange information with peers abound underground. Several trainers offer services as well. They even offer support when training ends.”

The Brasilian cyber criminals seem to be more ruthless in the use of media platforms like Facebook, YouTube, Twitter, Skype, and WhatsApp, differently from Russian and Chinese players that “hide in the Deep Web and use tools that ordinary users do not such as Internet Relay Chat (IRC) channels”

For several years, Brazil has been known for the offer of banking Trojans, many malware were designed by Brazilian which targeted internal banking users and that implemented several techniques to steal victims’
credentials. Brazil ranks second worldwide in terms of online banking fraud and malware infection, on a global scale it accounts for almost 9% of the total number of online-banking malicious code that compromised

Brazilian underground banking malware

Banking Trojan source codes are sold for around US$386 each, the offer allows buyers to modify their codes according to their needs, they can obfuscate strings, customize the composition of payloads and add crypters and other solution to evade the detection. Another product very popular are  Bolware kits and toolkits used to create bolware that are offered for around US$155, the applications offered by cybercriminals are user-friendly and implements an easy to use control panel for monitoring and managing infections and malicious activities.

Brazilian underground banking malware prices

The Brazilian underground also offers bank fraud courses for aspiring cyber-criminals, the courses are very articulated and propose detailed information for beginners to the criminal activities. The courses start presenting the fraud workflow and tools necessary to arrange a cyber fraud. Some coursed are arranged in modules that propose interesting information on the illegal practices to cybercriminal wannabes that can acquire also interactive guides and practical exercises (e.g., simulating attacks). A 10-module course for example is offered for US$468, the operators also offer updates and a Skype contact service.

According to the author of the study on the Brazilian underground market, Trend Micro Senior Threat Researcher Fernando Merces, several factors have contributed to the growth of cyber-criminal activity in the country like limited resources assigned to law enforcement and the existence of a flexible underground market.

“For example, Brazil has a lack of concrete laws and limited law enforcement agency resources that address cybercrime in the country,” he noted. “Additionally, the technological and consumer landscape in Brazil, which has a 50% Internet penetration rate, and a 69% credit card penetration rate, has made the country all too appealing for cybercriminals. However, another factor may have also contributed to Brazilian cybercrime: the existence of a flexible underground market with different offerings, ranging from banking Trojan development to online fraud training. The latter is highly notable as this is the most unique item in the market, which may not be found in other underground markets.” explained Merces in a blog post.  

The report details prices and products for many other products and services, including Credit card credentials and number generators, SMS-spamming services and phishing pages for popular banks.

Let me close the post with a meaningful statement from the author of the study that explains how is simple today to become a dangerous cybercriminal with limited resources.

“In Brazil, it’s possible to start a new career in cybercrime armed with only US$500,” Merces blogged. “Would-be cybercriminals are supported and helped by tools, forums, and experts from the dark side of the Internet. These bad guys do not fear the authorities and their groups get bigger in a short span of time.”

Let me suggest you read the full report published by Trend Micro, it is full of interesting data.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs –  Brazilian underground, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]


you might also like

leave a comment