The Brazilian underground’s emergence can largely be attributed to an environment where quick returns at low risk entice individuals to enter the online crime business. Socio-economic factors also play into this dynamic, as does a lack of law enforcement, which altogether practically drives individuals to online crime. A year ago, Trend Micro took its first look into the Brazilian cyber underground in The Brazilian Underground Market: The Market for Cybercriminal Wannabes? In Ascending the Ranks:The Brazilian Cybercriminal Underground in 2015, Trend Micro’s Forward-Looking Threat Research (FTR) Team reexamines the dynamics of the Brazilian cyber underground and its latest trends.
Underground goods for sale
Brazilian cybercriminals mostly operate on the surface web via public forums and apps, largely due to the cybercriminals’ disregard for law enforcement and law enforcers’ inability to handle this challenge. Unlike other underground scenes, they don’t have a significant use of the deep web but this could change in the future to conceal money transfers.
This paper also looks into new products and services available, but there aren’t many surprises here. Typical black market offerings include malicious programs, as well as obfuscation tools that help criminals conceal their activities. Unsurprisingly, we see a broad variety of services and goods related to credit cards (e.g. credit card number generators) and banking Trojans, as well as modified Android apps that are designed to steal information.
Notably, the first localized version of ransomware—currently a hot item around the world—has been detected in the Brazilian forums. Some other new items we have taken note of include tutorials for newcomers, personally identifiable information (PII)-querying services, and items that used to be commonly traded in backstreets such as counterfeit items, counterfeit money, and faked documents.
Online banking: The most favored target
Banking malware remains the biggest seller in the Brazilian underground. This could partly be linked to the fact that Brazil is among the countries with the highest use of online banking systems. It has been noted in the past that banking Trojans are often built locally before getting widely dispersed, and that most of the banking malware seen today continues to originate or have ties to Brazil. This paper details how some banking malware have been recently found to be capable of locking users’ devices or computer screens after infiltrating the account, making it even more difficult for law enforcement agencies to track the perpetrators.
DIY: Tutorials for fellow cybercriminals
One service offered in Brazilian forums that was particularly noteworthy was specific trainings for upcoming cybercriminals, which are highly sought after. These trainings resemble online classes that equip a newcomer with everything required for a successful cybercriminal endeavor: from lessons in creating malware and setting up botnets to building a phishing site and monetizing a stolen credit card.
Easy access to this type of information, paired with an obvious weakness in Brazil’s anti-cybercrime laws, enable a thriving cybercrime scene. In part, the lack of effective law enforcement intervention emboldens Brazil’s cybercriminals to publicly parade around their achievements and actually draw unskilled criminals into the business. Get a more detailed look into the Brazilian cybercriminal underground in Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015.