Cyber-criminals on opposite sides of the globe have defeated time differences and language barriers to team up and drive the evolution of the ever-changing malicious tools used in attacks.
Researchers from Kaspersky Lab investigated the Brazilian and Russian cyber-crime underground and discovered that the two countries have established an alliance in recent years.
Brazilian cyber-criminals seek out samples on Russian underground forums by buying new crimeware and ATM/PoS malware or offering their own services. The trade goes both ways with the alliance helping to speed up the evolution of malware.
Just two weeks ago, Steam Stealer malware was discovered targeting credentials on an online gaming platform. Gamers in Russia and Brazil fell victim to the malware.
An underground forum frequented by Russian-speaking users had a user with the name Doisti74. This user had an interest in purchasing Brazilian “loads”, better known as successful installations, of malware on victim PCs located in Brazil.
The same username was found in the Brazilian underground scene, where he is known as an active user of forums and was identified as someone who spreads ransomware that targets Brazilian users.
Cyber-criminals are also borrowing malicious technologies from one another. Since at least 2011, Brazilian crooks have been abusing the outdated technology known as PACs to redirect victims to fake banking pages.
Kaspersky Lab found the same technique being used in Capper, another banking Trojan targeting Russian banks and probably developed by Russian-speaking hackers.
These are only a few of the many examples of collaboration that Kaspersky Lab has discovered in recent years occurring between Brazilian and Russian-speaking cyber-criminals.
“Just a few years ago, Brazilian banking malware was very basic and easy to detect. With time, however, the malware authors have adopted multiple techniques to avoid detection, including code obfuscation, root and bootkit functions and so on, making their malware much more sophisticated and harder to combat. This is thanks to malicious technologies developed by Russian-speaking criminals. And this cooperation works both ways,” said Thiago Marques, security researcher at Kaspersky Lab.
“We think the best way to address this kind of international threat is to conduct an international investigation of these activities. Just as cyber-crime has no borders, nor should any investigation,” Marques concluded.