Nowadays there are many payment systems to choose from for online payments. You may have heard of one of them: Boleto. Based in Brazil, Boleto can be used to transfer money, pay for various goods online (such as Skype credits) or manage your online banking. The problem is that cyber criminals have singled out this payment system as a major target. A group of cyber criminals known as the ‘Boleto Bandits’ is responsible for over 3.75 billion dollars in losses over the past year. They have developed Boleto malware, which infects computers and helps cyber criminals steal money.
In fact, there are reports that two other pieces of malware are being developed right now for the same purpose: to defraud users of the Boleto payment system. Although neither their names nor their developers are known at the moment, Boleto users should be extremely careful or even refrain from using this payment system, at least for a while. Research has revealed that one in every 900 computers in Brazil is infected with some kind of Boleto malware that can cause loss of money through this payment system.
The official name of this malware is ‘Boleto Bancário’, and it can hide under other names as well. The malware takes several different approaches to defrauding users and stealing money. The most common one is web injection, which is used to modify the payee fields of online Boleto payments. This offspring of Boleto is called ‘Eupudus’. When a computer is infected with Eupudus, the Boleto payee fields are tampered with, so every time money is transferred to the account of a user with an infected computer, it is diverted to an offshore or fraudster account. The same method of theft is also used by other malware, such as Zeus, SpyEye or Citadel.
Another Boleto malware uses the COM (Component Object Model) interface to perform DOM (Document Object Model) manipulations. It is worth mentioning that this method can be used only in the Internet Explorer web browser. The trick is that it modifies the internal data of particular websites and lets fraudsters corrupt the payment page. This malware is identified as ‘Domingo’. However, most anti-virus programs can’t recognise its connection to Boleto.
The last on the list is the browser extension method. Because the DOM manipulation method can only be used in Internet Explorer, the criminals needed something that would target other very popular web browsers, such as Google Chrome or Mozilla Firefox. They managed to develop a browser extension that is compatible with both Mozilla Firefox and Google Chrome. Although this type of malware, called ‘Coleto’, is fairly new and not very common, you should be aware of it. Once the extension is added to your web browser, it scans web pages for a number that exactly matches the pattern of a Boleto number. When it finds one, it allows the cyber criminals to change the relevant numbers and steal funds from users.
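
A defender's view of the pattern matching described above, as an added example that is not part of the original article: the script finds Boleto-shaped numbers in page text and compares them with the number the issuer recorded. The 47-digit layout with mod-10 field check digits is an assumption taken from the standard Boleto format, not from this page; the function names, the sample numbers and the bank codes 999 and 888 are constructed.

```javascript
// Added example, not from the original article. Assumed layout: 47 digits,
// three fields each ending in a mod-10 check digit, one general check digit
// (not verified here), then 14 digits of due-date factor and amount.
const BOLETO_RE =
  /\b\d{5}\.?\d{5}\s?\d{5}\.?\d{6}\s?\d{5}\.?\d{6}\s?\d\s?\d{14}\b/g;

// Constructed sample data; bank codes 999 and 888 are placeholders.
const ISSUED = "99991.23459 67890.123457 00000.000018 1 10000000015000";
const PAGE_TEXT =
  "Pay 88891.23454 67890.123457 00000.000018 1 10000000015000 by Friday";

// Mod-10 check digit: weights 2,1,2,1... from the rightmost digit;
// a two-digit product contributes the sum of its digits.
function mod10(digits) {
  let sum = 0;
  let weight = 2;
  for (let i = digits.length - 1; i >= 0; i--) {
    const p = Number(digits[i]) * weight;
    sum += p > 9 ? p - 9 : p;
    weight = 3 - weight;
  }
  return (10 - (sum % 10)) % 10;
}

// Every Boleto-shaped number in the text, reduced to its 47 digits.
function findBoletos(text) {
  return (text.match(BOLETO_RE) || []).map((m) => m.replace(/\D/g, ""));
}

// True when the three field check digits are consistent.
function fieldsValid(line) {
  const fields = [line.slice(0, 10), line.slice(10, 21), line.slice(21, 32)];
  return fields.every((f) => mod10(f.slice(0, -1)) === Number(f.slice(-1)));
}

// Compare each number the page displays with the one the issuer recorded.
function checkPage(pageText, issuedLine) {
  const issued = issuedLine.replace(/\D/g, "");
  return findBoletos(pageText).map((shown) => ({
    shown,
    checkDigitsOk: fieldsValid(shown),
    bankCodeChanged: shown.slice(0, 3) !== issued.slice(0, 3),
    tampered: shown !== issued,
  }));
}

console.log(checkPage(PAGE_TEXT, ISSUED));
```

The substituted number in the sample carries valid check digits, so only the comparison against the issuer's record flags it.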
If you are wondering how to avoid being robbed by Boleto malware, here is our advice. First of all, you can complete all Boleto payments on a mobile device (smartphone or tablet), since this malware is not yet effective on mobile devices. However, it is only a question of time before cyber criminals develop software for this purpose. If many users start using mobile devices to complete Boleto transactions, revenue from the PC niche will drop significantly and cyber criminals will be forced to adapt. As you can see, using a mobile device to complete Boleto transactions safely is only a temporary solution and will not be a good choice in the long run.
There are several schemes for what to do if your transaction is being attacked by cyber criminals, but all of them can be bypassed rather easily, so if you want maximum safety, you should prevent Boleto malware from operating on your computer. This can be achieved only by regular scans with trustworthy anti-malware software, which will detect and remove all types of Boleto malware automatically. If your computer is already infected, this solution will also be effective. If you would rather not use any additional software to ensure your safety, you can remove this malware from your computer manually. If it is a browser extension (the third type of malware), you will have to remove it from both the Control Panel and the extensions list of the web browser you use. See below for how to do this.
Automatic Malware removal tools