College student tops Brazilian banking malware creator list

The 20-year-old is believed to have developed over 100 banking Trojans in only the past few years.


A 20-year-old college student living in Brazil has developed and distributed over 100 Trojans, worth roughly $300 each, that are tailored to steal financial information, researchers say.

The Trend Micro security team says a student from Tocantins, Brazil, has become one of the country's top banking malware creators. The Computer Science student goes under the alias Lordfenix and has been traced back to 2013, when he reportedly first began dabbling in malicious code development.

The student began by posting in forums, asking for programming assistance for a Trojan he was creating -- but these days he has "grown quite confident in his skills," according to the researchers.

The hacker may have begun by asking for help to program Trojans, but now his work is used to target banks including Banco do Brasil, Caixa, and HSBC Brasil.

Since 2013, Lordfenix has continued to develop and sell banking-based Trojans, which can go for over $300 each. One of his creations is known as TSPY_BANKER.NJH, a Trojan which is able to identify when a user types any of a target bank's URLs. The malware then closes the current browser window -- if the victim is using Google Chrome -- before displaying an error message and opening a fake window in a "seamless" manner. If a victim then inputs their details into the spoofed window, the information is sent back to the attacker through email.

As an added precaution, the malware also terminates a security process called GbpSV.exe, which is used by many Brazilian banks to keep customer data safe during online transactions.
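For defenders, the two behaviors described above (Chrome being closed and GbpSV.exe being terminated) can be correlated in process telemetry. The following Python is an added example, not code from Trend Micro or the original report; the event schema, the host name, every process name other than GbpSV.exe and chrome.exe, the trusted-actor list and the 30-second window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical, simplified telemetry schema:
# (time, host, actor = process issuing the terminate, action, target image)
EVENTS = [
    ("2015-07-01T10:00:05", "pc-01", "explorer.exe", "terminate", "notepad.exe"),
    ("2015-07-01T10:02:10", "pc-01", "invoice_viewer.exe", "terminate", "chrome.exe"),
    ("2015-07-01T10:02:11", "pc-01", "invoice_viewer.exe", "terminate", "GbpSV.exe"),
    ("2015-07-01T10:30:00", "pc-01", "services.exe", "terminate", "GbpSV.exe"),
    ("2015-07-01T11:00:00", "pc-01", "updater.exe", "terminate", "GbpSV.exe"),
]

PROTECTED = {"gbpsv.exe"}          # banking security process named in the article
BROWSERS = {"chrome.exe"}          # browser the article says the Trojan closes
TRUSTED_ACTORS = {"services.exe"}  # assumption; match on signed path in production
WINDOW = timedelta(seconds=30)     # assumption: correlation window

def detect(events):
    """Alert on untrusted terminations of the protected process.

    Severity is 'high' when the same actor on the same host also closed
    the browser within WINDOW, which matches the behavior in the article.
    """
    kills = sorted(
        (datetime.fromisoformat(t), host, actor.lower(), target.lower())
        for t, host, actor, action, target in events
        if action == "terminate"
    )
    alerts = []
    for ts, host, actor, target in kills:
        if target not in PROTECTED or actor in TRUSTED_ACTORS:
            continue
        browser_closed = any(
            h == host and a == actor and tg in BROWSERS and abs(ts - t2) <= WINDOW
            for t2, h, a, tg in kills
        )
        alerts.append({
            "time": ts.isoformat(),
            "host": host,
            "actor": actor,
            "severity": "high" if browser_closed else "medium",
        })
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```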

Trend Micro says the hacker is now offering free versions of the banking malware to forum members. The free options target users of four banks, but if you want to target additional financial institutions, you have to contact him for paid options.

"Based on our research, Lordfenix has created more than 100 different banking Trojans, not including his other malicious tools, since April 2013. With each Trojan costing around R$1,000 (roughly $320), this young cybercriminal channeled his talent in programming into a lucrative, illegal venture," Trend Micro says.

"In cybercrime, it doesn't matter if the criminal is a veteran or a newbie. The result remains the same: ordinary users become victims."

In Brazil, roughly half of all financial transactions are conducted online -- which means the country can be lucrative ground for hackers to exploit. Lordfenix is not the only young cybercriminal, however, who has taken to malware as an enterprise. Earlier this year, an individual in Brazil launched the FighterPOS malware, which was able to steal 22,000 credit card records by targeting retail systems.
