Boleto, originally known as Boleto Bancário, is a payment method in Brazil. Boleto Bancário is a financial document, or invoice, issued by a bank, and it can be used to pay for various services. Consumers may also use this payment method to make online transactions through their online banking. For over a year, Brazil has been fighting malware aimed at compromising Boleto users. Recently, two instances of Boleto malware have been detected: one performs Document Object Model (DOM) manipulations, while the other scans web pages in order to record boleto numbers. Removing this malware is a must because it can easily steal the victim's money.
How does Boleto malware work?
These two instances of Boleto malware are not new to Brazil: a Trojan that modifies the typable line of a Boleto invoice viewed in the user's browser was reported in 2013. The infection does not modify the barcode of the Boleto invoice, but it does break the barcode so that the user is forced to use the typable line.
As for the DOM manipulations, the infection monitors the user's actions in Internet Explorer. More specifically, it changes information on the web page and modifies the field holding the receiver (payee) of the boleto. This Boleto fraud is invisible to the user.
Another sample of Boleto malware is called Coleto. This threat adds browser extensions to Mozilla Firefox and Google Chrome. First, the threat downloads a browser extension, which scans the page for numbers that match the pattern of a Boleto number. When a number is found, it is replaced with another, predefined number, so that the funds are transferred to the attackers' account.
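Both the DOM-manipulating Trojan and the Coleto extension leave the same trace: the boleto number the browser finally renders is not the one the server issued. The following is an added example, not code from the article or from either malware family, showing the defender's side of that: it locates Boleto typable lines in page text with a pattern of the kind such an extension would scan for, normalizes them, and compares them with the line the server actually issued. The 47-digit five-group layout of the typable line is assumed from common bank boletos; the boleto numbers and HTML are constructed for the demo and are not real.

```python
import re

# Typable line ("linha digitavel") of a bank boleto: 47 digits, usually rendered
# as "AAAAA.AAAAA BBBBB.BBBBBB CCCCC.CCCCCC D EEEEEEEEEEEEEE" (assumed layout).
# The pattern accepts the same loose formatting a scanning extension would
# have to accept: optional dots and single spaces between groups, or the
# bare 47-digit run. Lookarounds stop it matching inside longer digit runs.
BOLETO_LINE_RE = re.compile(
    r"(?<!\d)"
    r"\d{5}\.?\d{5}\s?\d{5}\.?\d{6}\s?\d{5}\.?\d{6}\s?\d\s?\d{14}"
    r"(?!\d)"
)


def normalize(line):
    """Strip everything but digits so differently formatted copies compare equal."""
    return re.sub(r"\D", "", line)


def find_boleto_lines(text):
    """Return every Boleto typable line found in the text, normalized to 47 digits."""
    return [normalize(m.group(0)) for m in BOLETO_LINE_RE.finditer(text)]


def detect_swap(issued_line, rendered_text):
    """Compare the typable line the server issued with what the browser rendered.

    Returns a (status, lines) tuple:
      "ok"       - exactly the issued line is present and nothing else
      "missing"  - no boleto-looking number is left on the page
      "replaced" - boleto-looking numbers are present but none is the issued one
      "extra"    - the issued line is present alongside other boleto numbers
    """
    issued = normalize(issued_line)
    found = find_boleto_lines(rendered_text)
    if not found:
        return "missing", found
    if issued not in found:
        return "replaced", found
    if len(found) > 1:
        return "extra", found
    return "ok", found


# Constructed sample data (not real boletos): the line the merchant's server put
# in the page, the page as served, and the same page after a number swap.
ISSUED = "23793.38128 60000.000003 00000.000400 1 84550000010000"
SERVED_HTML = f'<p>Pay with the typable line:</p><span id="ld">{ISSUED}</span>'
SWAPPED_HTML = SERVED_HTML.replace(
    ISSUED, "10499.00011 23456.789012 34567.890123 4 98760000010000"
)


def demo():
    """Run the check on the served page and on the tampered page."""
    return {
        "served": detect_swap(ISSUED, SERVED_HTML),
        "tampered": detect_swap(ISSUED, SWAPPED_HTML),
    }


if __name__ == "__main__":
    for name, (status, lines) in demo().items():
        print(f"{name}: {status} {lines}")
```

The comparison is deliberately a plain equality against the issued value rather than a check-digit test: a predefined replacement number is itself a valid boleto, so only knowing what was issued reveals the swap. In a browser the same logic would run in a content script fed by a MutationObserver on the element that displays the typable line; on the merchant side, re-displaying the bank and payee name next to the number gives the customer a second value to compare.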
One more piece of malware is known to use techniques typical of GameOver Zeus. This Boleto Trojan is capable of bypassing different types of system defenses, including firewalls and web filters. The infection is known to keep its data encrypted (XORed with a 32-bit key) and to decrypt it only when committing the fraud. The aim is to remain undetectable, which is why the payload is encrypted.
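A repeating 32-bit XOR key hides the payload from signature scanners but is weak against an analyst who has the sample. The following is an added example, not code from the article or from the Trojan, showing two standard ways of recovering such a key for analysis: from four known plaintext bytes (here the "MZ" header of a Windows executable, assuming the payload is a PE file and the key stream starts at offset 0 of the blob) and, without any known header, from byte frequency in each of the four key positions (assuming 0x00 is the most common plaintext byte, as in zero-padded executables). The payload and key are constructed for the demo.

```python
from collections import Counter
from itertools import cycle

KEY_LEN = 4  # a 32-bit key, as described for this Trojan


def xor_repeat(data, key):
    """XOR data with a repeating key. Applying it twice restores the input."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key_known_prefix(blob, known_prefix):
    """Recover the 4-byte key when the first 4 plaintext bytes are known
    (e.g. b"MZ\\x90\\x00" for a typical PE file).
    Assumption: the key stream starts at offset 0 of the blob."""
    if len(known_prefix) < KEY_LEN or len(blob) < KEY_LEN:
        raise ValueError("need at least 4 known plaintext bytes and 4 blob bytes")
    return bytes(c ^ p for c, p in zip(blob[:KEY_LEN], known_prefix[:KEY_LEN]))


def recover_key_by_frequency(blob, dominant_plain=0x00):
    """Recover the key with no known header: in each of the 4 key positions the
    most common ciphertext byte is assumed to correspond to the most common
    plaintext byte (0x00 for executables, which are heavily zero-padded)."""
    key = bytearray()
    for pos in range(KEY_LEN):
        most_common, _ = Counter(blob[pos::KEY_LEN]).most_common(1)[0]
        key.append(most_common ^ dominant_plain)
    return bytes(key)


def looks_like_pe(data):
    """Cheap sanity check after decoding: the DOS stub header starts with 'MZ'."""
    return data[:2] == b"MZ"


# Constructed sample: a fake, zero-padded executable-like payload and a made-up
# key. Neither comes from the malware described in the article.
PLAINTEXT = (
    b"MZ\x90\x00"
    + b"\x00" * 60
    + b"This program cannot be run in DOS mode.\r\n"
    + b"\x00" * 200
)
SAMPLE_KEY = b"\x5a\xc3\x17\x8e"
ENCRYPTED = xor_repeat(PLAINTEXT, SAMPLE_KEY)


def analyze(blob):
    """Try both recovery strategies and report whether decoding produced a PE header."""
    key_prefix = recover_key_known_prefix(blob, b"MZ\x90\x00")
    key_freq = recover_key_by_frequency(blob)
    return {
        "key_known_prefix": key_prefix,
        "key_frequency": key_freq,
        "decoded_ok": looks_like_pe(xor_repeat(blob, key_prefix)),
    }


if __name__ == "__main__":
    result = analyze(ENCRYPTED)
    print({k: (v.hex() if isinstance(v, bytes) else v) for k, v in result.items()})
```

Recovering the key this way lets an analyst extract the real payload and write detections for it instead of for the encrypted container, which the attackers can re-key at will. The frequency method is the one to reach for when the blob is embedded mid-file or the key offset is unknown: it works on any slice whose plaintext is dominated by one byte value, and a failed `looks_like_pe` check on the result is the signal to question the 0x00 assumption or the key alignment.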
How to prevent Boleto malware?
In order to use the Boleto service safely, security experts recommend mobile banking applications, because they are not affected by this malware. However, it is important to note that it is only a matter of time before criminals develop techniques to defraud mobile users as well. It is also important to note that not all security programs are capable of detecting and removing malware targeted at the Boleto systems; hence, if you are based in Brazil and use Boleto on a daily basis, including through online banking, you should make sure that the computer contains a program that can effectively defend the machine from financial malware.