Channel NewsAsia

Brazil cybertheft could be biggest ever

WASHINGTON: A scheme that has been skimming funds from Brazilian bank payments over the past two years may be the largest cybercrime heist in history, at some US$3.75 billion, security researchers say.

The scheme targets a Brazilian payment system called the Boleto, which can be issued online and used for most types of payments in the South American country, according to a report from the security firm RSA which appeared last week and has gained attention in cybersecurity circles.

RSA researchers said the fraud scheme that first emerged in 2012 infected over 192,000 computers and led to some 495,000 fraudulent transactions.

The total amount of losses for 30 banks was estimated at up to US$3.75 billion, the researchers said.

Boletos are similar to money orders, and are extremely popular in Brazil for online and offline payments.

RSA said the "Bolware" malware effectively disguises the transactions, making it hard for consumers to detect fraud.

It said banks in Brazil "have made significant investments to battle this malware using a variety of different security and anti-malware measures" but that "the Bolware gang has continued to innovate, revising their purpose-built malware through 19 different versions."

Brian Donahue at the security firm Kaspersky Labs said Boleto fraud has been known for some time but that the amounts are disputed.

"I have been told the number may sit near US$1.1 billion," he said in a blog post Wednesday.

"Whichever is correct, Boletos are costing Brazil a lot of money."

Gary Davis at McAfee Labs said the malware is spread "through familiar phishing techniques that any online user can fall prey to."

The hackers "used advanced evasion techniques - techniques which either erase or hide the footprints of malware - to avoid detection by anti-malware programs and plug-ins," Davis said in a blog.
