Tag Archive for: Brazilian

The Brazilian financial malware you can’t see, part one


Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme.

PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this malware attacking banks in Brazil.

A hidden threat

Within IBM Trusteer, we saw several different techniques to hide malware from its victims. Most banking malware conceals its existence on the mobile device by hiding its launcher icon from the victim using the setComponentEnabledSetting application programming interface (API). However, since Android 10, that technique no longer works due to new restrictions imposed by Google.

To address this new challenge, PixPirate introduced a new technique to hide its icon that we have never seen financial malware use before. Thanks to this new technique, during PixPirate reconnaissance and attack phases, the victim remains oblivious to the malicious operations that this malware performs in the background.

PixPirate abuses the accessibility service to gain RAT capabilities, monitor the victim’s activities and steal the victim’s online banking credentials, credit card details and login information of all targeted accounts. If two-factor authentication (2FA) is needed to complete the fraudulent transaction, the malware can also access, edit and delete the victim’s SMS messages, including any messages the bank sends.

PixPirate uses modern capabilities and poses a serious threat to its victims. Here is a short list of PixPirate’s main malicious capabilities:

  • Manipulating and controlling other applications
  • Keylogging
  • Collecting a list of apps installed on the device
  • Installing and removing apps from the infected device
  • Locking and unlocking device screen
  • Accessing registered phone accounts
  • Accessing contact list and ongoing calls
  • Pinpointing device location
  • Anti-virtual machine (VM)…

Brazilian Court sentences hacker to 20 years in prison — MercoPress


Tuesday, August 22nd 2023 – 10:50 UTC

Delgatti claimed he hacked mobile phones to “fight injustices” but the judge did not buy it

Notorious hacker Walter Delgatti was sentenced Monday to 20 years in jail for his involvement in the 2019 Operation Spoofing case, Agência Brasil reported. The decision can be appealed.

Judge Ricardo Leite, of the 10th Federal Court in Brasilia, issued his ruling after Delgatti was arrested in 2019 on suspicion of hacking into Telegram accounts of authorities, including members of the Lava Jato task force, such as former prosecutor Deltan Dallagnol.

In addition to Delgatti, six other defendants were also sentenced for the intrusions. In addition to the former Car Wash prosecutors, former Justice Minister Sergio Moro, former Economy Minister Paulo Guedes, and advisors to the National Council of Public Prosecutors (CNMP) also had messages illegally accessed.

In his decision, the judge said that Delgatti intended to sell the hacked Lava Jato conversations to the press and refuted defense claims that the conversations had been violated to “fight injustices” allegedly committed during the operation.

“It was only after realizing the resistance of journalists to paying for access to this material that there was an initial cooling of Walter’s eagerness to obtain cash for exchanging the material,” wrote the judge.

In addition to participating in the hacking of authorities, the sentence states that Walter Delgatti obtained bank details from various victims and sold the information obtained on specialized crime chats.

“To better understand Walter’s fraud techniques, a conversation was recorded in which Walter introduces himself as being responsible for the technical and security area of a financial institution and instructs a bank client to update his computer to install a malicious program,” the judge noted.

Earlier this month, Delgatti was arrested by the Federal Police (PF) in…

Brazilian Hacker Claims Bolsonaro Asked Him to Hack Into the Voting System Ahead of 2022 Vote


A Brazilian hacker claimed at a congressional hearing Thursday that then-President Jair Bolsonaro wanted him to hack into the country’s electronic voting system to expose its alleged weaknesses ahead of the 2022 presidential election.

Walter Delgatti Neto did not provide any evidence for his claim to the parliamentary commission of inquiry. But his detailed testimony raises new allegations against the former far-right leader, who is being investigated for his role in the Jan. 8 riots in the capital city of Brasilia.

Delgatti told lawmakers he met in person with Bolsonaro on Aug. 10, 2022, for between 90 minutes and two hours at the presidential residence. He said he told the leader he could not hack into the electronic voting system because it wasn’t connected to the internet.

Bolsonaro’s lawyers said in a statement they will take judicial action against Delgatti, who they accused of “bringing false information and allegations, without any evidence.”

The lawyers acknowledged the hacker met with the former president and said the far-right leader ordered his defense minister to open investigations on the country’s electoral system based on claims he had heard from the hacker.

Creomar de Souza, founder of political risk consultancy Dharma Politics, said Delgatti’s testimony “is yet another brick in a wall of problems around Bolsonaro and some of his allies.” De Souza said the former president is in deeper legal trouble because his base in congress wanted the congressional inquiry to become a platform for his defense — and it has instead put him deeper in hot water.

Bolsonaro’s political nemesis, leftist Luiz Inácio Lula da Silva, won the Oct. 30, 2022, presidential election with just 50.9% of the votes.

Delgatti said Bolsonaro wanted the attempted hack to show voters that Brazil’s voting system was not reliable.

He said that after he explained why he could not hack into the electoral system, the Bolsonaro campaign asked him to tamper with a borrowed voting machine to make it appear, less than a month before the election’s first round, that the machine had been successfully hacked and results could be compromised….

New York National Guard Cyber Experts Learn from Brazilian Counterparts


When the Brazilian Cyber Defense Command (CDCiber) showcased itself to representatives of 15 nations August 18 as part of its Cyber Guardian Exercise, two New York Army National Guard Soldiers represented the United States.

Captain Andrew Carter, the information systems officer for the 42nd Infantry Division headquarters battalion, and Chief Warrant Officer Two Nefertiti Stokes, a 173rd Cyber Protection Team (CPT) member, spent three days with Brazilian computer security experts in Brasilia, the country’s capital.

The visit was conducted as part of the State Partnership Program relationship the New York National Guard has had with the Brazilian Armed Forces since 2019.

Their role, Capt. Carter said, was to determine what types of cyber operations training the New York National Guard’s computer security experts could conduct with their Brazilian counterparts.

Brazil’s Ministry of Defense Cyber Defense Center oversees cybersecurity across all sectors.

What they learned, Capt. Carter said, is that Brazil relies on its military computer security specialists to protect both military information systems and those of Brazilian civilian industry professionals.

This is very similar to U.S. Cyber Command’s emphasis on keeping military networks as well as critical infrastructure across the nation safe from computer attacks, Capt. Carter said. The difference, he noted, is that because Brazil does not have a National Guard equivalent, the Brazilians have full-time military personnel working with civilian cyber professionals to deal with cyber threats.

Capt. Carter said the United States relies on full-time personnel and people like Chief Warrant Officer 2 Stokes, who works in cybersecurity as a civilian, to put their civilian-acquired knowledge to work.

The three-day visit gave the two New Yorkers a chance to see different facets of Brazil’s communications and signals effort.

On the first day, they visited Brazil’s equivalent of the U.S. Army Signal School at Fort Gordon, Georgia. Capt. Carter said he was impressed and amazed to find out the Brazilians were still teaching the use of Morse code to encrypt messages. The U.S. Army stopped teaching the dots and dashes of Morse…
