100 Banking Trojans Written by 20-Year-Old Brazilian College Student in Two Years

A 20-year-old Brazilian college student has been discovered for developing and distributing over 100 successful banking Trojans at the price of $300 a piece, a security firm uncovered.

Security researchers discovered the computer science student first gained headway towards his career when posting on online forums asking for assistance in programming a new Trojan he was designing. The 20-year-old went by several online aliases, including ‘Hacker’s Son’, ‘Lord Fenix’ and ‘Filho de Hacker’.

The young college hacker has “grown quite confident in his skills” and has designed well over 100 Trojans with the sole intention of stealing financial and banking information from computer systems.

“Based on our research, Lordfenix has created more than 100 different banking Trojans, not including his other malicious tools, since April 2013,” Trend Micro reported. “With each Trojan costing around R$1,000 (roughly $320), this young cybercriminal channeled his talent in programming into a lucrative, illegal venture.”

In hopes of expansion, Lordfenix has begun releasing free versions of his fully functional banking Trojan source code in hopes of expanding operations into other areas of the dark net underground forums.

Malware developed the the 20-year-old Brazilian has the ability to capture four different Brazilian banking websites information, including HSBC Brazil, Bank of Brazil and Caixa. Customers are required to pay the malware author additional fee’s to gain access to more powerful tools to access other sets of financial information.

Additional features sold, include TSPY_BANKER.NJH, a Trojan capable of of detecting when a user begins to load a banking website in their browser. Once the malware recognizes the situation, the window is force closed by the malware, where it displays an error message that the browser crashed. The malware will then open a bogus Chrome tab that appears to be the banking website.

Once the victim inputs their banking details, it’s sent to the hackers email address.

Malware developed by Lordfenix also includes a software program with the intent to end a process called GbpSV.exe on the computer, the security process is run by several banks in Brazil with the intent to keep customer data safe online.

Fraud and stolen banking information is growing rapidly and is a prime target for hackers in outer-lying countries such as Brazil who are out of the hands of U.S.-based law enforcement.

“In cybercrime, it doesn’t matter if the criminal is a veteran or a newbie. The result remains the same: ordinary users become victims,” Trendmicro said.