RSA, the security division of EMC Corp. said on Wednesday that its researchers uncovered a massive online fraud ring that has infiltrated The Boleto, a popular payment method in Brazil.
RSA said in a blog post on Wednesday that a coordinated investigation a “Boleto malware or ‘Bolware’ fraud ring that may have compromised 495,753 Boletos transactions over a two-year period. The value of the transactions is estimated at $3.75 billion USD, or $8.57 Brazilian Reals.
The Boleto is a popular and regulated electronic payment system that is the second most popular form of payment in the country, after credit cards. According to RSA, the malware in question allows attackers to carry out man-in-the-browser attacks that modify transaction details on an infected client system so that funds are directed into mule banking accounts controlled by the fraudsters.
RSA researchers discovered 8,095 fraudulent Boleto ID numbers tied to 495,753 compromised transactions. The Bolware botnet is believed to contain close to 200,000 infected systems.
RSA said it does not know the total value of malicious transactions that were actually paid into accounts controlled by the fraudsters.
Read more on RSA’s blog: RSA Uncovers Boleto Fraud Ring in Brazil » Speaking of Security – The RSA Blog and Podcast.