Do you know what Boleto malware is?
Boleto, or Boleto Bancario, is a popular Brazilian payment system that works with both printed slips and electronic transfers; it is used to make payments in supermarkets, post offices, and other institutions. The Boleto service has been attacked by hackers several times, the latest of which is known to be associated with the Zeus Trojan.
The latest instance of Boleto malware uses techniques typical of GameOver Zeus. The infection bypasses security solutions, including firewalls, web filters, and network intrusion detection systems. This Boleto Trojan downloads data encrypted with a 32-bit key and decrypts it in order to commit the fraud.
Earlier this year, two other instances of Boleto malware were detected: one performed Document Object Model (DOM) manipulations, while the other scanned the web page in order to detect and replace Boleto numbers.
The first variant affected the Internet Explorer browser. The attackers change the information on the web page and alter the field that identifies the receiver of a Boleto payment. The fraud is hidden from the user, so an unsuspecting user transfers his/her money to an unknown receiver, i.e. a remote attacker.
Another variant is called Coleto, and it targets Mozilla Firefox and Google Chrome. The Coleto Trojan installs a malicious browser extension that analyses web pages for number patterns typical of Boleto numbers. When such a pattern is detected, the infection replaces the number with one linked to the attackers' account.
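The substitution described above works because a swapped Boleto number is just as well formed as the genuine one. The following is an added example, not code from the original article or from any of the malware it describes, showing what a merchant's page can do about that: parse the 47-digit "linha digitável" as rendered in the browser, verify the mod-10 check digits of its first three fields, and then compare the bank code, value and due-date factor against the record the server issued. The field layout and mod-10 scheme are the published Febraban conventions for the linha digitável; the function names, the `ISSUED` record and the sample lines are constructed for this illustration.

```javascript
// Added example (not from the original article): validate a Boleto
// "linha digitavel" as shown in the page and compare it with the
// record the merchant's server issued. The sample values below are
// constructed for illustration.

// Mod-10 check digit used by fields 1-3 of the linha digitavel:
// weights 2,1,2,1,... applied from the right; when a product exceeds
// nine its two digits are summed (same as subtracting 9).
function mod10Check(digits) {
  let sum = 0;
  let weight = 2;
  for (let i = digits.length - 1; i >= 0; i--) {
    let p = Number(digits[i]) * weight;
    if (p > 9) p -= 9;
    sum += p;
    weight = weight === 2 ? 1 : 2;
  }
  return (10 - (sum % 10)) % 10;
}

// Parse the linha digitavel (separators stripped). Returns null when
// the length or any of the three field check digits is wrong.
function parseLinhaDigitavel(text) {
  const d = text.replace(/\D/g, "");
  if (d.length !== 47) return null;
  const fields = [d.slice(0, 10), d.slice(10, 21), d.slice(21, 32)];
  for (const f of fields) {
    const body = f.slice(0, -1);
    const check = Number(f.slice(-1));
    if (mod10Check(body) !== check) return null;
  }
  return {
    bankCode: d.slice(0, 3),          // issuing bank (positions 1-3)
    currency: d[3],                   // 9 = BRL
    generalCheck: d[32],              // barcode mod-11 digit, not verified here
    dueFactor: Number(d.slice(33, 37)),
    valueCents: Number(d.slice(37, 47)),
  };
}

// Check digits only prove the number is well formed; a substituted
// Boleto from a different beneficiary passes them too. Comparing the
// displayed fields with the issued record is what exposes a
// man-in-the-browser swap.
function detectSwap(displayedText, issued) {
  const shown = parseLinhaDigitavel(displayedText);
  if (!shown) return { ok: false, reason: "malformed or bad check digits" };
  const mismatches = [];
  if (shown.bankCode !== issued.bankCode) mismatches.push("bankCode");
  if (shown.valueCents !== issued.valueCents) mismatches.push("valueCents");
  if (shown.dueFactor !== issued.dueFactor) mismatches.push("dueFactor");
  return mismatches.length === 0
    ? { ok: true }
    : { ok: false, reason: "fields differ from issued record: " + mismatches.join(", ") };
}

// Constructed sample: the record the server issued...
const ISSUED = { bankCode: "001", valueCents: 100, dueFactor: 3737 };
// ...the line as rendered on the page...
const GENUINE = "00190.50095 40144.816069 06809.350314 3 37370000000100";
// ...and the same line with the bank code changed to 237; field 1's
// check digit is consistent, so check digits alone do not flag it.
const TAMPERED = "23790.50095 40144.816069 06809.350314 3 37370000000100";

console.log(detectSwap(GENUINE, ISSUED));   // { ok: true }
console.log(detectSwap(TAMPERED, ISSUED));  // { ok: false, reason: 'fields differ ...' }
```

The comparison has to run against data the browser did not receive through the tampered page, for example a second request to the merchant's API or a confirmation shown in a separate channel; if the expected record is itself rendered into the DOM, a DOM-manipulating extension can rewrite both sides.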
It is believed that Boleto infections have compromised nearly 500,000 Boleto transactions over a two-year period and have stolen up to $3.75bn.
Different Windows operating systems are known to have been affected; however, Windows 7 is estimated to be affected the most. Because Boleto malware performs man-in-the-browser attacks, all malicious activity is invisible to the victim and to the Internet browser itself. As a result, the end user may not suspect that the computer needs a thorough examination and that a malicious infection has to be removed.
Boleto infections have not been found to affect mobile applications and digital wallets, which means that mobile devices are one way to avoid Boleto malware. However, it is important to be alert to the possibility that the attackers will soon create new techniques for stealing money through mobile devices.
If you do not want to suffer the consequences of Boleto malware, be very careful with spam emails, their attachments, and links. Messages from unknown senders should be deleted immediately; moreover, updated security programs should be used.
In non-techie terms:
If you want to avoid Boleto infections, pay more attention to your online security. Delete spam emails and avoid insecure websites, such as software distribution websites and adult-oriented websites.