Last-minute presentation: Brazil: land of plentiful bankers

Dmitry Bestuzhev Kaspersky Lab

 download slides (PDF)

Anyone who has analysed the code of malicious programs designed to steal users' banking information will probably agree that Brazil is one of the most active countries and the source of the largest number of so-called banking trojans. Why is Brazil the leader when it comes to creating this type of malware? Who is behind these crimes, and what is a typical cybercriminal like?

Certain social aspects of the country are one of the factors which encourage the growth of such crimes. What are the connections between Delphi, the programming language in which the majority of samples are written, the cybercriminals and the social factors that surround them?

The biggest banks in Brazil are Banco do Brasil, with a total of 7,900,000 online banking clients; Bradesco, with 6,900,000 online banking clients, Itaú, with 4,200,000 online banking clients, and Caixa with 3,690,000 online banking clients. How do these banks ensure that client transactions are secure? Often a special plug-in, G-Buster, has to be installed before a client can access the bank's main page; this plug-in is designed to prevent malicious code from running on the client machine while authorization is being performed or a transaction being made. What additional security mechanisms are used? How do cybercriminals combat these mechanisms? Several examples will be given of the methods used by cybercriminals.

Which social networking sites are commonly used by virus writers to steal banking data? Which malicious programs that are not, strictly speaking, banking trojans, are used to steal money? Where is stolen data stored and in what form? Which bank's clients suffer from the greatest number of attacks and why? And finally, taking a look beyond the official explanations, who's actually behind the Brazilian bankers, and where does the money go?

This presentation answers the questions above, and many others. All information in the presentation was collected in the course of personal research while living in Latin America.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.