Eupudus

By GoldSparrow in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 319
First Seen: February 23, 2015
Last Seen: September 13, 2021
OS(es) Affected: Windows

Eupudus may turn out to be the greatest threat to your online payments if you live in Brazil. This is a stealthy banking Trojan that focuses on Boleto money transfers - the second most popular method for cash transactions in Brazil. The threat was detected in 2012 and is still successfully functioning, jeopardizing hundreds of thousands of users. Despite the hard work of the authorities to restrict the influence of Eupudus, the constant updates of the threat enable Eupudus to proceed with its campaigns. The damage caused by this Trojan is immense, as it has compromised money transfers worth more than $3 billion. The number of contaminated computers is almost 200,000. One of the reasons it has affected so many machines is that Eupudus doesn't provide any clues about its existence and silently collects the money. None of the victims suspects anything until it is too late and their money is gone. The best method to detect and remove the Trojan in time is a powerful malware removal tool. If you are Brazilian, such security software is a must in order to prevent losing large amounts of money to criminals.

How are the Thefts Performed and Who can be Attacked?

The way Eupudus functions and the intensity of the attacks have led computer security experts to compare Eupudus with notorious threats such as the Zeus Trojan and the Dyreza Trojan. The banking malware features man-in-the-browser attacks - meaning that Eupudus injects its harmful code into the browser's memory. At this time, only three browsers are susceptible - Google Chrome, Internet Explorer and Mozilla Firefox. Unfortunately, these three are used by the great majority of Internet users, and people still don't resort to other applications when performing a Boleto payment. After Eupudus has contaminated the browser, it alters the recipient of the transaction. This process remains hidden from the user, who cannot guess that the money is going into the accounts of the culprits. Even a user who opens the Task Manager to check the processes will not detect the Trojan, as it runs without displaying anything.

How Great is the Danger and What Makes it Hard to Disable Eupudus Once and for All?

The Brazilian banks have been attempting to disable Eupudus since it first appeared, and up to now their efforts have been in vain. It seems that the revenues of the hackers are keeping them motivated to continue their job. Researchers report that as of now there are more than 20 modifications of the threatening program. Soon after the experts apply a good security measure, the culprits update Eupudus and evade detection. Staying online for such a long period has allowed the Trojan to affect 34 banks and to obtain the login data of 83,506 e-mails. However, the exact amount of collected money is still a mystery. What is known is that the threat has monitored transfers worth well over $3 billion, but experts cannot determine exactly how much of it has been redirected towards the hackers' accounts. Various estimates show that 1 in every 900 computers in Brazil is infected with Eupudus or a similar threat. This danger to the Boleto payment system is so severe that investigators have even created a specific word for this threat - Bolware.

How to Protect Yourself from Eupudus?

The work of the authorities is still ongoing. Boleto users should keep their fingers crossed for the police to arrest the cyber criminals and disable their threatening software. Until then, though, anyone at risk of being robbed should take the proper precautionary measures. One flaw of Eupudus is that it doesn't support mobile operating systems. So at least for now, conducting payments through tablets and smartphones should be safe.

Unfortunately, there are no guarantees that the situation won't change, as the hackers may include these systems in the list of targets. The same applies to using browsers that are not attacked by the threat - such as Opera, Safari and so on. While these solutions may turn out to be ineffective at any moment, using an up-to-date anti-spyware program will prevent thefts. Regrettably, the Boleto system is different from the majority of payment systems in terms of refunds. If the cash is diverted towards the accounts of third parties, only a bank transfer may reverse the operation. Put simply - the money is gone. For this reason, the key is prevention, and it can only be achieved by a reputable security program. Otherwise, the user will not be able to determine that there is a severe breach in his computer, let alone remove this elaborate Trojan.
