Lordfenix: 20-year-old Brazilian has written 100 banking trojan
Trend Micro has identified Lordfenix, a student that created more than 100 different banking Trojans and other malicious tools, since April 2013.
Security experts at Trend Micro have identified a 20-year-old Brazilian student which has developed and distributed more than 100 Banking malware. The young cyber criminal, which used the pseudonym of âLordfenixâ, âHackerâs Sonâ and âFilho de Hackerâ, was selling each banking trojan for around US$300 since 2013.
Trend Micro reported that the student started his activity by attending principal hacking forums, where he found the collaboration of other malware authors.
[adsense size='1']
âA 20-year-old college student whose underground username is Lordfenix has become one of Brazilâs top banking malware creators. Lordfenix developed his underground reputation by creating more than a hundred online banking Trojans, each valued at over US$300. Lordfenix is the latest in a string of young and notorious solo cybercriminals weâre seeing today.â Trend Micro says
Over the time Lordfenix has âgrown quite confident in his skillsâ and incremented his business by developing custom-malware for his clients.
âBased on our research, Lordfenix has created more than 100 different banking Trojans, not including his other malicious tools, since April 2013,â Trend Micro added. âWith each Trojan costing around R$1,000 (roughly $320), this young cybercriminal channeled his talent in programming into a lucrative, illegal venture.â
Lordfenix has begun by offering free versions of fully-functional Banking Trojan source code on the underground forum, the free version was working to target customers of four Brazilian banks including Bank of Brazil, Caixa, and HSBC Brazil. The model of sale was simple as efficient, Lordfenix offered further customization of the banking trojan to target other financial institutions.
âLordfenix has since continued to develop and sell banking Trojans, one of which we detect as TSPY_BANKER.NJH. This Trojan is able to identify when a user types any of its target banksâ URLs. Among these targets are Banco de Brasil, Caixa, and HSBC Brasil.â continues Trend Micro.
[adsense size='1']
Across the time Lordfenix has improved its malware by adding further features, like protection against security products. Lordfenixâs malware is able to discover and kill the GbpSV.exe process associated with the software G-Buster Browser Defense, a security program used by many Brazilian banks to protect their customers.
Lordfenix activities confirm the efficiency of the model of sale dubbed malware-as-a-service, aside its unquestionable abilities he benefits of the following factors as explained by Trend Micro:
- Brazil has a huge online banking user base. In 2013 alone, around 51% percent of all banking transactions within the country were done via the Internet.
- Digital crime is not necessarily a top priority in Brazil. The penalties against offenders are currently very low.
Gloss