Researchers at Kaspersky Lab have conducted an in-depth investigation into how Brazilian and Russian cybercriminals have been working together and exchanging malware on underground forums.
Security researchers are quite interested in both Brazilian and Russian cybercrime because hackers in both countries are relatively open, have a high level of online activity and use online forums to communicate amongst themselves.
The cybercrime markets both developed independently of one another and have different cyber-attack techniques that have been tailored to the local conditions in their countries. Boleto malware was developed in Brazil and Russian cybercriminals have developed their own malware to target mobile banking services. In recent years, hackers from both countries have begun to cooperate and are buying new crimeware and ATM/PoS malware from one another while also offering their own expertise to other cybercriminals. Their collaboration has helped speed up the evolution of malware.
Kapersky Lab was able to find real life examples of the collaboration between cybercriminals in both countries as well. A user of a Russian speaking forum called Doisti74 expressed an interest in buying Brazilian “loads” or successful installations of malware on PC's in Brazil. The user name was then spotted in a Brazilian underground scene where he is known as someone who spreads Ransomware which targets Brazilian users.
A few years ago Brazilian banking malware was very basic and easily detectable. In recent years though it has evolved thanks to the many malicious technologies that Russian cybercriminals developed.
An interesting point in regards to the collaboration between Brazilian and Russian cybercriminals is that they were able to overcome language barriers, time differences and cultural differences to develop more advanced malware and cyberattacks.