A cyber-fraud gang is estimated to have stolen up to $3.75bn using malware to target a popular payment method in Brazil.
An estimated 495,753 Boleto Bancario transactions have been compromised in the past two years, according to researchers at RSA, the security division of EMC.
RSA researchers in Brazil, Israel and the US studied 19 variants of the related malware for three months. Using digital logs, they traced the malware to one group in Brazil.
But it is not known whether the cyber fraudsters were successful in collecting on all of the compromised transactions.
Regulated by the Brazilian Federation of Banks, Boleto enables users to carry out a variety of financial transactions online and offline.
The security researchers described the cyber-fraud operation as a serious threat to banks, merchants and customers in Brazil.
News of the fraud has added to growing concerns that such attacks are undermining confidence in online payment methods.
Although the exact sum stolen is not known, even if only half the compromised transactions were redirected to criminal accounts, it would still be the largest cyber theft to date, according to the New York Times.
Read more on cyber fraud
The cyber criminals have been siphoning off funds using the man in the browser technique, which enables criminals to intercept and alter Boleto transactions without the victims’ knowledge.
The attack is facilitated by malware injected into victims’ browsers after they have been tricked into clicking malicious links.
Google’s Chrome, Mozilla’s Firefox and Microsoft’s Internet Explorer are all vulnerable to the attack, although the malware appears to affect only computers running Microsoft’s Windows operating system.
Researchers believe that more than 192,000 computers have been infected with the malware used by the Boleto cyber criminals and that 83,506 email user credentials have also been stolen.
“Because of its stealth capabilities, end-users also have little chance of detecting Boleto fraud on their own,” the RSA researchers said.
Security experts advise caution in opening unsolicited email attachments or clicking on unknown links, and keeping computers updated with security patches and the latest anti-virus software.
The RSA researchers said they are working with local and international law enforcement officials to help prosecute the individuals behind the Boleto cyber fraud.