Security researchers have uncovered two pieces of malware targeting the Brazilian “boleto” payment instrument: one performs Document Object Model (DOM) manipulations, the other scans web pages in search of boleto numbers.
At the beginning of the month, security experts at RSA published a report about cybercriminal activity in Brazil that focused on the boleto payment system.
They revealed that the malware family infecting most computers relied on web injects to modify the fields identifying the recipient of the money in order to divert the transfer into the fraudsters’ accounts.
Boletos are used in Brazil for all sorts of purchases, including online ones. Unlike other forms of payment, such a transaction can be reversed only by bank transfer.