Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Lordfenix: 20-year-old Brazilian has written 100 banking trojan

Trend Micro has identified Lordfenix, a student that created more than 100 different banking Trojans and other malicious tools, since April 2013. Security experts at Trend Micro have identified a 20-year-old Brazilian student which has developed and distributed more than 100 Banking malware. The young cyber criminal, which used the pseudonym of ‘Lordfenix’, ‘Hacker’s Son’ and […]

Lordfenix: 20-year-old Brazilian has written 100 banking trojan

Trend Micro has identified Lordfenix, a student that created more than 100 different banking Trojans and other malicious tools, since April 2013.

Security experts at Trend Micro have identified a 20-year-old Brazilian student which has developed and distributed more than 100 Banking malware. The young cyber criminal, which used the pseudonym of ‘Lordfenix’, ‘Hacker’s Son’ and ‘Filho de Hacker’, was selling each banking trojan for around US$300 since 2013.

Trend Micro reported that the student started his activity by attending principal hacking forums, where he found the collaboration of other malware authors.

“A 20-year-old college student whose underground username is Lordfenix has become one of Brazil’s top banking malware creators. Lordfenix developed his underground reputation by creating more than a hundred online banking Trojans, each valued at over US$300. Lordfenix is the latest in a string of young and notorious solo cybercriminals we’re seeing today.” Trend Micro says

Over the time Lordfenix has “grown quite confident in his skills” and incremented his business by developing custom-malware for his clients.

“Based on our research, Lordfenix has created more than 100 different banking Trojans, not including his other malicious tools, since April 2013,” Trend Micro added. “With each Trojan costing around R$1,000 (roughly $320), this young cybercriminal channeled his talent in programming into a lucrative, illegal venture.”

lordfenix offer

Lordfenix has begun by offering free versions of fully-functional Banking Trojan source code on the underground forum, the free version was working to target customers of four Brazilian banks including Bank of Brazil, Caixa, and HSBC Brazil. The model of sale was simple as efficient, Lordfenix offered further customization of the banking trojan to target other financial institutions.

Lordfenix has since continued to develop and sell banking Trojans, one of which we detect as TSPY_BANKER.NJH. This Trojan is able to identify when a user types any of its target banks’ URLs. Among these targets are Banco de Brasil, Caixa, and HSBC Brasil.” continues Trend Micro.

Across the time Lordfenix has improved its malware by adding further features, like protection against security products. Lordfenix’s malware is able to discover and kill the GbpSV.exe process associated with the software G-Buster Browser Defense, a security program used by many Brazilian banks to protect their customers.

Lordfenix activities confirm the efficiency of the model of sale dubbed malware-as-a-service, aside its unquestionable abilities he benefits of the following factors as explained by Trend Micro:

  • Brazil has a huge online banking user base. In 2013 alone, around 51% percent of all banking transactions within the country were done via the Internet.
  • Digital crime is not necessarily a top priority in Brazil. The penalties against offenders are currently very low.

Pierluigi Paganini

(Security Affairs – banking trojan, Lordfenix )