20-year-old Trojan King Revealed, Maker of over 100 Banking Trojans

David Goehring


A 20-year-old Brazilian kid has been revealed as the maker of more than 100 banking trojans by the security firm Trend Micro. He is known online by the name of ‘Lordfenix’, ‘Filho de Hacker’ and ‘Hacker’s Son.’

The security firm writes that a 20-year-old college student from Tocantins, Brazil known by the name Lordfenix has become Brazil’s top malware maker. He has developed this reputation by giving birth to more than 100 online banking trojans. Most of these banking trojans were sold by him for about $300 each.

He is a computer science student who earned this money between April 2013 and targeted banks like Bank of Brazil, HSBC Brazil and Caixa. He began his career by asking for hacking advice in forums and today he is found offering free version of highly-efficient banking Trojan source code to the forum members in the underground world.

One of the Trojans detected called TSPY_BANKER.NJH identifies and wakes up when a user enters its target banks’ URL. Then it closes the active browser window and displays an error message to open a new fake browser windows. This is so smooth and unnoticeable that user doesn’t have a clue.

Now the user enters the login username and password in the fake window and the trojan sends back the information to the attacker. For more protection, the trojan terminates the process GbpSV.exe associated with the popular security software G-Buster Browser Defense, a security program used by many Brazilian banks.

Also read: One of the Best Anti-Virus Malwarebytes Offers Free 1-Year Premium Keys

Lordfenix claims that these free versions can steal credentials of bank customers of four different banks. On the other hand, the paid $300 versions target more banks using the tricks to disable the popular security software popular in Brazil. The security company has posted a picture of programmer’s Facebook page that shows a big pile of local currency on his bed.


Apart from his expertise in this area, the other factors that helped Lordfenix were the facts that more than half-population of Brazil uses internet for transaction and dealing with digital crime isn’t a top priority in the country.

Did you like this story about the 20-year-old Trojan King? Tell us in comments.

Image: David Goehring/Flickr

For more updates and interesting stories from fossBytes, subscribe to our newsletter. [newsletter_signup_form id=1]

Adarsh Verma

Adarsh Verma

Fossbytes co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email — [email protected]
More From Fossbytes

Latest On Fossbytes

Find your dream job