A 20-year-old Brazilian kid has been revealed as the maker of more
than 100 banking trojans by the security firm Trend Micro. He is known
online by the name of ‘Lordfenix’, ‘Filho de Hacker’ and ‘Hacker’s Son.’
The security firm writes
that a 20-year-old college student from Tocantins, Brazil known by the
name Lordfenix has become Brazil’s top malware maker. He has developed
this reputation by giving birth to more than 100 online banking trojans.
Most of these banking trojans were sold by him for about $300 each.
He is a computer science student who earned this money between April 2013 and targeted banks like Bank of Brazil, HSBC Brazil and Caixa. He began his career by asking for hacking advice in forums and today he is found offering free version of highly-efficient banking Trojan source code to the forum members in the underground world.
One of the Trojans detected called TSPY_BANKER.NJH identifies and wakes up when a user enters its target banks’ URL. Then it closes the active browser window and displays an error message to open a new fake browser windows. This is so smooth and unnoticeable that user doesn’t have a clue.
Now the user enters the login username and password in the fake window and the trojan sends back the information to the attacker. For more protection, the trojan terminates the process GbpSV.exe associated with the popular security software G-Buster Browser Defense, a security program used by many Brazilian banks.
Lordfenix claims that these free versions can steal credentials of bank customers of four different banks. On the other hand, the paid $300 versions target more banks using the tricks to disable the popular security software popular in Brazil. The security company has posted a picture of programmer’s Facebook page that shows a big pile of local currency on his bed.
Apart from his expertise in this area, the other factors that helped Lordfenix were the facts that more than half-population of Brazil uses internet for transaction and dealing with digital crime isn’t a top priority in the country.
Did you like this story about the 20-year-old Trojan King? Tell us in comments.
Image: David Goehring/Flickr
He is a computer science student who earned this money between April 2013 and targeted banks like Bank of Brazil, HSBC Brazil and Caixa. He began his career by asking for hacking advice in forums and today he is found offering free version of highly-efficient banking Trojan source code to the forum members in the underground world.
One of the Trojans detected called TSPY_BANKER.NJH identifies and wakes up when a user enters its target banks’ URL. Then it closes the active browser window and displays an error message to open a new fake browser windows. This is so smooth and unnoticeable that user doesn’t have a clue.
Now the user enters the login username and password in the fake window and the trojan sends back the information to the attacker. For more protection, the trojan terminates the process GbpSV.exe associated with the popular security software G-Buster Browser Defense, a security program used by many Brazilian banks.
Lordfenix claims that these free versions can steal credentials of bank customers of four different banks. On the other hand, the paid $300 versions target more banks using the tricks to disable the popular security software popular in Brazil. The security company has posted a picture of programmer’s Facebook page that shows a big pile of local currency on his bed.
Apart from his expertise in this area, the other factors that helped Lordfenix were the facts that more than half-population of Brazil uses internet for transaction and dealing with digital crime isn’t a top priority in the country.
Did you like this story about the 20-year-old Trojan King? Tell us in comments.
Image: David Goehring/Flickr