Monday, July 22 2024

A banking trojan named Bizarro has expanded its attacks to target customers of 70 European and South American banks. The banking trojan, which originates in Brazil, is spread through phishing emails and affects Windows systems.

Researchers at Kaspersky Labs discovered the banking trojan. The group relies on affiliates and recruiting money mules to use social engineering to trick users into using fake two-factor identification codes. Bizzaro reaches users by sending spam emails with fake links to users, which distributes an MSI package.

The trojan then downloads a ZIP archive which contains the malicious code, and then Bizzaro eliminates any current online banking websites on the user’s device. This forces the user to re-enter their credentials which are then stolen by the malware. Bizarro focuses on gathering information such as the computer’s name, default browser name, and installed antivirus software name. The malware uses a screen capturing module to monitor the user’s screen for bitcoin wallet addresses constantly. This wallet is then replaced with one that belongs to the Bizarro malware developers.

Bizarro is rooted in its backdoor component, which supports over 100 commands and allows attackers to steal online banking credentials. These commands display fake popup messages to users but only becomes active once the malware finds a connection to one of the hardcoded banking systems. Bizarro receives many commands such as obtaining data about the user, allowing control of the files, mouse, and keyboard on the device, and commands that enable social engineering.

Bizarro uses social engineering by tricking the users into giving their bank account login credentials through message windows asking for login data or two-factor authentication. These messages provide the user with fake notifications asking to re-enter their credentials or asking for a confirmation code. These methods allow the malware to steal the user’s banking credentials swiftly and promptly. Bizarro also uses JPEG images with the target bank’s logo to convince the user that their system has been compromised and needs an update. Other malware such as Guildma, Javali, and Melcoz originate from Brazil just like Bizarro and target users all over Europe.

Previous

S&P Hints at Rating Downgrades for Poor Cyber… Again

Next

Cybersecurity M&A and Funding Update: May 28

Check Also

Widget

Don’t Miss

Sevco Security Platform Product Review

Ellie Buscemi

What is the Sevco Security Platform? The Sevco Security Platform is a cyber asset attack service management (CAASM) product that focuses on aggregating and correlating data from across a company’s cybersecurity infrastructure to give cybersecurity professionals a better sense of what the company’s infrastructure looks like as a whole. The platform’s sources include a company’s […]

Cyber Deals: Huntress, Cyberhaven, and SpyCloud

CISOstack

Cybersecurity Surge: Top Funding Rounds and Strategic Acquisitions Fuel Growth in AI, Cloud Security, and Threat Prevention Solutions

Fidelis Elevate: A Deep Dive

Ellie Buscemi

What is Fidelis Elevate? Fidelis Elevate is an open extended detection and response (open XDR) solution focusing on network protection, endpoint security, and cyber attacker deception. The platform aims to protect various elements of a company’s infrastructure, such as devices and servers while tracking suspicious behavior and preventing access to cyber criminals. What features does […]

Partially closed laptop screen

Best Extended Detection and Response (XDR) Solutions

Lara Oporto

What is Extended Detection and Response and how does it work? Extended Detection and Response (XDR) is a cybersecurity system that gathers information from different places like computers, networks and emails. Unlike other security tools that focus on one area like computers or networks, XDR looks at everything together. The comprehensive approach helps to find […]

Close up of computer chip

Best Managed Detection and Response (MDR) Solutions

Lara Oporto

What is Managed Detection and Response? Managed Detection and Response (MDR) is a cybersecurity service that provides continuous monitoring, threat detection and incident response capabilities. MDR achieves these capabilities through the deployment of advanced technologies such as machine learning and behavioral analytics as well as analysis from security professionals. MDR is a cybersecurity service that […]

Best Hyperconverged Infrastructure Software

Ellie Buscemi

What is Hyperconverged Infrastructure and how does it work? Hyperconverged infrastructure (HCI) is a software that provides computing, storage and network operations for a company from a single point on a company’s hardware. Originally, computing, storage and network operations were divided in a company’s hardware infrastructure and potentially provided by separate vendors with different management […]