“BRATA” is a new Android remote access tool malware family. We used this code name based on its description – “Brazilian RAT Android”. It exclusively targets victims in Brazil: however, theoretically it could also be used to attack any other Android user if the cybercriminals behind it want to. It has been widespread since Janua

A hacker using the online moniker of ‘Kuroi’SH’ defaced the Google Brazil domain on Tuesday afternoon, this isn’t the first high-profile target he breached. A hacker using the online moniker of ‘Kuroi’SH’ defaced the official Google Brazil domain on Tuesday afternoon. The defaced page displayed a message greeting his friends for

In January 2017, IBM X-Force research reported the development of a new remote-access malware code targeting Brazilian banks. The malware, dubbed Client Maximus, was observed in ongoing campaigns and continues to target online banking users in the country. The development of Client Maximus, which is believed to be commercially available in Brazilian fraud an

While we have previously written on the now infamous XPan ransomware family, some of it’s variants are still affecting users primarily located in Brazil. Harvesting victims via weakly protected RDP (remote desktop protocol) connections, criminals are manually installing the ransomware and encrypting any files which can be found on the system. Interesti

IBM Research — Haifa Labs continually invests in the research and development of advanced malware analysis solutions that enhance IBM’s ability to quickly detect and neutralize malware as new and challenging threats arise. Our ongoing observations of the Brazilian cybercriminal landscape have revealed a perpetual rise in new malicious campaigns in this

The Brazilian malware landscape is notorious for its plethora of Delphi-based code and overall lack of sophistication. But much like the Russian-speaking malware scene, Brazilian cybergangs have been using better malware, such as the recently discovered Client Maximus, in their attacks. In the summer of 2016, malware like Zeus Panda and Sphinx were spotted i

The IBM X-Force Security Research team detected malicious AV-disabling drivers while investigating new remote overlay malware attacking banks in Brazil. The AV-disabling drivers are part of a financial malware designed to empty infected victims’ bank accounts. What a way to start my morning. Decoding AV-Disabling Drivers It’s 9:00 a.m. and I̵

It’s unusual for a day to go by without finding some new variant of a known ransomware, or, what is even more interesting, a completely new one. Unlike the previously reported and now decrypted Xpan ransomware, this same-but-different threat from Brazil has recently been spotted in the wild. This time the infection vector is not a targeted remote deskt

Malware researchers from Kaspersky have spotted the TeamXRat gang spreading a new ransomware in Brazil via RDP brute-force attacks. Cyber criminals are using stolen or weak remote desktop credentials to access systems and deliver file-encrypting ransomware. This is not a novelty in the criminal ecosystem, in March experts discovered a ransomware dubbed Surpr

A Brazilian judge ordered to block access to the WhatsApp messaging service for 72 hours, it is the second time in five months. Brazilian authorities ordered ISPs to block WhatsApp today in a dispute over access to encrypted data. The order to block the messaging service for 72 hours has been issued by a judge from the Brazilian state of Sergipe,  the ISPs a

Kaspersky has analyzed the interaction between the Russian and Brazilian criminal underground communities revealing a dangerous interaction. In the past weeks, we have analyzed the evolution of cyber criminal communities worldwide, focusing on illicit activities in the Deep Web. To simplify the approach we have considered the principal cyber criminal communi

Introduction Brazilian malware continues to evolve day by day, making it increasingly sophisticated. If you want to know how the various malicious programs work nowadays, you can jump to the corresponding section here. Meanwhile, before that, we would like to show how the techniques used by Brazilian cybercriminals have changed, becoming more advanced and in

Coder in the Brazilian Cyber Criminal underground are Pioneering Cross-platform malware relying on Java archive (JAR) Files. Recently security experts at PaloAlto Networks uncovered a new family of ransomware dubbed KeRanger that targets Mac OS X users, a circumstance that demonstrates that every OS is potentially at risk. Now researchers at Kaspersky Lab ha

TrendMicro published an interesting analysis of the principal cyber criminal underground communities in the Deep Web worldwide. A new interesting report published by the experts at TrendMicro highlights the differences between the principal underground ecosystems worldwide. Thinking of a unique “global” underground ecosystem is an error, every community has

Brazilian cybercriminals have been “competing” with their Russian-speaking “colleagues” for a while in who makes more Trojan bankers and whose are most effective. A few days ago we found a new wave of different campaigns spreading the initial “Banloader” components in Jar (Java archive), which is very particular by its nat