Brazilian Bank Pwned From Top to Bottom, Experts Say

By Marcos Colon

The findings of a massive cybercrime operation impacting a Brazilian bank were released this week by security researchers at the Security Analyst Summit.

Kaspersky Lab’s Fabio Assolini and Dmitry Bestuzhev uncovered the compromise of a Brazilian bank’s operations which resulted in taking over the financial institutions 36 domains, corporate email and DNS, according to a Threat Post report.

Discovered on October 22, the researchers first believed the attack was a run-of-the-mill site hijack, but quickly realized the extent of the attack. Once compromised, the bank’s website would serve up malware to all site visitors – a Java file located in a .zip archive that would be loaded into the index file. By controlling the site’s index file, the attackers could inject an iframe that would redirect bank customers to a website that exposed them to the Java file containing the malware.

“All 36 of bank domains were under the attackers’ control, including the online, mobile, point-of-sale, financing and acquisitions, and more,” the report said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.