Antivirus Protection & Internet Security Software
03 Jun 2014Virus News
If you still haven’t decided how you plan to pay your bills while you’re in Brazil – cash or credit card – it is high time to do so. Kaspersky Lab warns that Brazil has some of the most creative and active criminals specializing in credit card cloning. And, unfortunately, they love to target foreigners who don’t know how to protect their cards when withdrawing money from an ATM or paying for their drinks in a restaurant. But our experts have some useful tips to protect against the most common attacks on ATMs and point of sales (PoS) devices in Brazil.
PoS devices are very common in Brazil – according to the Brazilian Central Bank, credit and debit cards account for 70% of all payments in the country. Chip-and-PIN cards are accepted by almost all businesses, even by cab drivers.
So-called Chupa Cabra malware and Trojan-Spy.Win32.SPSniffer, a malware family with several variants developed in Brazil and seen in the wild since 2010, affects PoS and PIN-pad devices, both of which are very common in the country. These devices are connected to a computer via a USB or serial port to communicate with electronic funds transfer (EFT) software. The Trojan infects the computer and sniffs the data transmitted through these ports.
The PIN is encrypted as soon as it is entered, most commonly using triple DES encryption. But Track 1 data (credit card number, expiration date, service code and CVV) and the public chip data aren’t encrypted in the hardware of old and outdated devices. These are sent in plain text to the PC via USB or serial ports. Capturing this data is enough to clone a credit card.
Brazil has 118 ATMs per 100,000 adults according to the World Bank, placing it ninth in the world in terms of ATM numbers. This presents lots of opportunities for fraudsters to install skimmers, also known as “Chupa Cabra” devices.
“Be cautious while using ATMs or paying with your credit card. Don’t forget that cybercriminals in Brazil perform their malicious schemes all the time. Even during the day you can see them hanging out, wearing flip-flops and beachwear while installing skimmers in a crowded bank. Also remember that it’s far more secure if your transactions happen right in front of you. Be careful of chance encounters or accidents which might take your card out of reach for a moment. If that happens, check that the card you get back is really yours. If you have any doubts, immediately report the incident to the bank,” said Fabio Assolini, Senior Security Researcher with Kaspersky Lab’s Global Research & Analysis Team.
More information can be found at securelist.com.
© 1997 – 2016 Kaspersky Lab
All Rights Reserved. Industry-leading Antivirus Software