View research paper: The Brazilian Underground Market: The Market for Cybercriminal Wannabes?
The Cybercriminal Underground Economy Series (CUES) has established that there is a booming underground market where cybercriminals can buy and sell products and services they use for their activities. This thriving market has provided attackers with the tools and knowledge needed to break barriers and launch cybercrime attacks.
Very much like any other market, the laws of supply and demand dictate the prices of the products and services being offered. The availability of materials used to inflict harm has increased: toolkits are more visible and their prices are falling. Interestingly enough, as the prices went lower, the features grew richer.
In our continuing effort to observe booming underground markets in different countries across the globe, this Trend Micro research paper looks closely at the continuing maturity of the Brazilian underground despite the lack of development in available tools and tactics.
Similar to other cybercriminal underground markets like those that exist in China and Russia, the Brazilian underground possesses unique characteristics, such as the use of popular social media platforms to commit fraud instead of hiding in the deep recesses of the Web with tools that ordinary users normally don't have access to. Cybercrooks in Brazil make use of popular social networks such as Facebook, YouTube, Twitter, Skype, and WhatsApp, as these have turned out to be effective venues.
Notably, the underground scene in Brazil also has players that market number generators and checkers or testers for more than just credit cards. They offer tools created for attacks against products and services exclusive to Brazil while also offering training services for cybercriminal wannabes.
The Underground Market Scene:
Banking Trojans: Brazil has been known for banking Trojans created by Brazilians to target banking customers in the country. Various Trojan-based techniques are being used to steal user credentials from bolware, including domain name system poisoning, fake browser windows, malicious browser extensions, and malicious proxies.
Business application account credentials: Confidential data is of utmost value in Brazil, as in any underground market. In the Brazilian cybercriminal underground market, credentials for popular business application services provided by Unitfour and Serasa Experian are being sold. Unitfour’s online marketing service, InTouch, has the capability to keep and access potential or existing customers’ personal information, which made it a target for cybercrooks. Such is the case with Serasa Experian, where plenty of information is used and sold for nefarious purposes.
Online service account credential checkers: These are essentially tools used to validate account numbers for online services, which cybercriminals obtain by getting login information from phishing campaigns.
Phishing pages: In Brazil, creating phishing pages is simple: cybercriminals copy everything on the legitimate pages they wish to phish and change the destination to which the collected data is sent, such as a free webmail account that they own. This is how victims are redirected from legitimate websites without noticing it.
Phone number lists: Phone number lists per town or city are usually offered by cybercriminals who sell spamming software and hardware. A mobile phone number list for a small town can be bought as well as home phone number lists used in phone-based scams.
One key aspect that sets the Brazilian underground apart from others is the fact that it also offers services for cybercriminal wannabes. In particular, it offers fully undetectable (FUD) crypter programming and fraud training in the form of how-to videos with support services via Skype. This gives any computer-savvy wannabe the knowledge needed to pull off certain cybercriminal activities.