Trend Micro discovered Lordfenix, a student that has created more than 100 different banking Trojans and other malware tools, since April 2013.
Trend Micro security experts have discovered a 20 Brazilian student who has developed and distributed more than 100 bank malware.
The new cyber criminal, who used the aliases 'Lord fenix', 'Hacker's Son' and 'Filho de Hacker' was selling each banking trojan for around US$300 dollars since 2013.
Trend Micro reported that the student started his activity by getting in touch with hacking forums where he found the collaboration of other malware writers.
Since its inception, Lordfenix has "developed its skills" and consequently has grown its business by developing malware based on the needs of its customers.
Lord fenix began his activity by offering free versions of the fully-functional source code of the bank Trojan to the underground forum.
The free version worked to target customers of four Brazilian banks, including Bank of Brazil, Caixa, and HSBC Brazil.
The following model was profitable: Lordfenix offered further customization of the banking trojan to target other financial institutions.
«Lordfenix has since continued to develop and sell banking Trojans, one of which we have detected as TSPY_BANKER.NJH. This Trojan is able to identify whenever someone user he types any of the URLs of his target banks. Among these targets are Banco de Brasil, Caixa, and HSBC Brasil."Said Trend Micro in its statement.
Over the years Lord fenix has improved its malware by adding further features such as protection against security products.
The Lord fenix malware is able to discover and terminate the GbpSV.exe process associated with the for mobile devices to report the G-Buster Browser Defense, a security program used by many banks in Brazil to protect their users.