Hackers have managed to gain access to one of Brazil’s largest online payment sites and could, potentially, have accessed billions of dollars by using their malicious software.
According to Reuters, EMC’s RSA security division picked up the activity, in which the parties involved in the hack were using a program known as ‘Eupuds’, which re-directed funds from Brazil’s Boleto Bancário online payment system.
The malware has only been found through Boleto transactions processed on PCs running Microsoft Corp’s Windows software.
The group estimates as much as 8.6bn Brazilian reais (almost €3bn) was stolen as part of the online raid from more than 192,000 accounts, but the group emphasises this amount could be less as it was unable to confirm which accounts had paid out into the hackers’ accounts.
The scam is ongoing, as Brazil continues to host the FIFA World Cup football tournament and match tickets are still being purchased.
The RSA research team has informed the Brazilian authorities, as well as Febraban, the group responsible for Brazil’s entire banking system.
“We’re concerned that the attackers will be able to develop the malware for other platforms,” said Jason Rader, director of cyberthreat intelligence with RSA.
“These attackers have online and offline techniques, and they’ve understood vulnerabilities in these operating systems.”