Researchers at RSA's Cybercrime Research Lab have spotted a new approach to Boleto fraud where scammers poison a DNS entry used by a bank website and redirect the IP address resolution to the fraudster's HTTP server,” according to a Monday blog post by Fernando Paolieri Neto.
Miscreants can then either fake or substitute JavaScript for the original file hosted on the bank's website. They then use the fake JavaScript to “alter the behavior of the target webpage,” all without Brazilian bank customers' knowledge and can launch advanced attacks via existing frameworks.
After a malicious injection has occurred and the fraudsters are in control of the fake JavaScript, they can not only manipulate pages but can control customer accounts and ultimately capture Boleto payment card information, including new, valid expiration dates, to be used later to make fraudulent transactions.
