Security firm Trend Micro has traced the source of a large number of banking trojans to a 20-year-old man in Brazil.
Known variously as 'Hacker's Son', 'Filho de Hakcer' (sic) and 'Lordfenix', the malware writer began his career by asking for advice in comment forums, according to a Trend Micro blog post.
"A 20-year-old college student whose underground username is Lordfenix has become one of Brazil's top banking malware creators," said the firm.
"Lordfenix developed his underground reputation by creating more than 100 online banking trojans, each valued at over $300. Lordfenix is the latest in a string of young and notorious solo cyber criminals we're seeing today.
"Lordfenix is a Computer Science student from Tocantins, Brazil. We were able to trace his activity back to April 2013."
Trend Micro has posted a photo from the hacker's Facebook page that shows a large amount of local currency (below).
The hacker has been developing and selling trojans, including one named TSPY-Banker.njh, that can tell when an internet user enters the URL for a bank into their browser.
The malware throws up a fake log-in window, and sends the collected information back to the hacker.
Lordfenix has made available free versions with limited capabilities that work with only a handful of banks, but offers paid-for versions that work with a greater number of banks.
"Lordfenix has created more than 100 different banking trojans, not including his other malicious tools, since April 2013. With each trojan costing roughly $320, this young cyber criminal channelled his talent in programming into a lucrative illegal venture," said Trend Micro.
"In cybercrime, it doesn't matter if the criminal is a veteran or a newbie. The result remains the same: ordinary users become victims."
There is a lot of money in malware. The FBI announced a $3m bounty on the head of the Zeus creator this week.
Electronics and computer chain the latest high street retailer to fall into difficulties
Incisive Media and Investec Asset Management supported fundraiser crosses Atlantic in 40 days
Alphabet's health sciences division Verily have been messing with AI algorithms
North Korea's cyber attack capabilities are expanding fast - and turning their fire on a wider range of targets