Trend Micro discovered him Lordfenix, a student who has created more than 100 different banking Trojans and other malware tools, since April 2013.
Trend Micro security experts have discovered a 20 Brazilian student who has developed and distributed more than 100 bank malware.
The new cybercriminal, who used the aliases 'Lord fenix', 'Hacker's Son' and 'Filho de Hacker' sold every banking trojan for about US$300 dollars as of 2013.
Trend Micro reported that the student started his activity by getting in touch with hacking forums where he found the collaboration of other malware writers.
Since its inception, Lordfenix has "developed its skills" and consequently has grown its business by developing malware based on the needs of its customers.
Lord fenix began his activity by offering free versions of the fully-functional source code of the bank Trojan to the underground forum.
The free version worked to target customers of four Brazilian banks, including Bank of Brazil, Caixa, and HSBC Brazil.
The following model was profitable: Lordfenix offered further customization of the banking trojan to target other financial institutions.
«Ο Lordfenix έχει συνεχίσει από τότε να αναπτύσσει και να πωλεί banking Trojans, ένα εκ των οποίων έχουμε ανιχνεύσει ως TSPY_BANKER.NJH. Αυτό το Trojan είναι σε θέση να προσδιορίσει κάθε φορά που κάποιος χρήστης πληκτρολογεί οποιοδήποτε από τα URLs των τραπεζών- στόχων του. Μεταξύ αυτών οι στόχοι είναι Banco de Brasil, Caixa, και η HSBC Brasil."Said Trend Micro in its statement.
Over the years, Lord Phoenix has improved its malware by adding further features such as protection against security products.
Lord's Phoenix malware is capable of discovering and ending the GbpSV.exe process associated with the G-Buster Browser Defense software, a security program used by many Brazilian banks to protect their users.