A notorious cybercrook responsible for more than 100 online banking Trojans has been outed by security firm Trend Micro as a 20-year-old Brazilian computer science student.
Known online as Lordfenix, the student has been developing and selling banking Trojans since 2013, says Trend Micro, which has dug up old forum posts in which he asked for programming help.
Lordfenix has also been spotted offering free versions of fully-functional banking Trojan source code to underground forum members. However, the code can be used to steal login details from customers of four banks and 'clients' have to pay for a more powerful tool called TSPY_BANKER.NJH.
TSPY_BANKER.NJH is able to identify when a user types any of its target banks’ URLs, close the browser window (if it’s running on Google Chrome), display an error message, and then open a new fake Chrome window. If the victim then enters their login details in the fake window, the information is emailed back to an address linked to Lordfenix.
The student is also advertising malware through his Skype profile and is selling each Trojan for around $320, says Trend Micro.