Pedro Bueno, McAfee
In the current malware world, it is easy to spot stolen code being used by malware authors. However, the so-called banker infostealer trojans offer us a new way to see the cooperation amongst malware authors. The password-stealing trojans that focus on banking information are well-known pieces of malware. The evolution that has been observed in this specific kind of trojan is clear, including components that were added to the malware scheme, downloaders and their redundancies, IM-spreading worms, targeted banking and cross-cultural trojan development. While the delivery method tends to be the same, using seasonal and common phishing emails to install small downloaders that fetch the large banker binaries, the actual backend malware will act in a different way. Historical rivals on the football (or soccer) field, Brazil and Argentina seem to have decided to join forces in the malware-writing world, particularly in the development of banking trojans, and we shall see in this presentation exactly how close they are in the criminal malware development scheme.
But not all criminal minds think alike in South America, and we will also be able to understand the differences between the Brazil-Argentina alliance and malware developers in other neighbouring countries, like Colombia and Peru, who went down a different implementation route, including in their coding techniques and the vectors utilized.