Lessons from Brazil’s biggest defeat – Boleto

Brazilians have more to be concerned about than this week’s 7-1 defeat when they came up against a masterful German football team. Off the field, the Boleto malware has scored big time in a $3.75 billion heist, without a red card in sight.

A Boleto is a Brazilian financial document, similar to a money order, allowing a customer to pay a merchant. Bank account holders issue Boletos when making purchases either online or offline. Boleto malware has infected nearly 200,000 Brazilian PCs and is capable of fraudulently issuing Boletos without the knowledge of the bank account holder. Nearly half a million fraudulent transactions have been identified, involving around 30 banks.

According to the Identity Theft Resource Centre, Boleto malware has resulted in more than 60,000 Brazilian customer records being exposed every day this year – roughly the equivalent of the spectator capacity at a World Cup football stadium, every single day.

In an acknowledgement that their anti-virus software cannot detect Boleto malware, McAfee advise Brazilians to do their banking on a mobile device rather than a PC. IBM also recommend mobile banking to avoid Boleto on PC. That’s a bit like an own goal. However, the so-called “Boleto Bandits” have no qualms about playing dirty or offside and could well introduce a mobile version any time soon. Foul play is the basic nature of this malware game.

An effective protection against Boleto malware is one that prevents web injects, DOM manipulation, and malicious browser extensions, and that does not rely upon reactive signature-based scanning. This is like combining the Messi, Neymar, Muller, and Klose of the security world in an all-star team. Skilful techniques such as a dedicated banking application have been developed to tackle this attack, to outmanoeuvre this opposition, keep possession, and win outright against this threat.
