A Trojan that’s been going after banks since late October appears to be part of a family of malware born in Brazil, and since mid-December a new variation named “Kaicone” has been on the prowl, stealing funds from online customers of the country’s largest banks.
The Kaicone Trojan, believed to be part of the Kaiser Malware family, infects computers after the victim opens an email alleging to be from a trusted source. Using a keylogger, the malware records all of the characters typed into the computer by the user, including usernames and passwords. The malware reports this information back to the hacker, who then takes over the computer, accesses the victim’s bank accounts, and starts transferring funds to his own account.
The Kaiser Family is believed to have originated in Brazil, which is where its primary targets are. The new version identified by was discovered by TELUS Security Labs, and the victims of the attacks have been online banking customers of Brazilian banking entities, primarily Banco de Brazilia, one of the country’s largest financial institutions.
Trojan attacks on banks are not uncommon in Brazil. According to a 2014 report by Kapersky Labs, the country had the second highest number of banking attacks, accounting for 6.55 percent of all attacks worldwide (Russia topped the charts with 29.97 percent while the US saw 5.33 percent).
But in terms of the total percentage of users victimized by financial malware, Brazil held the record, according to Kapersky. More than 20 percent of online banking customers in Brazil had their accounts compromised by hackers in 2014.