Friday, January 28 2022

A banking trojan named Bizarro has expanded its attacks to target customers of 70 European and South American banks. The banking trojan, which originates in Brazil, is spread through phishing emails and affects Windows systems.

Researchers at Kaspersky Labs discovered the banking trojan. Its operators rely on affiliates and recruited money mules, and use social engineering to trick users into handing over two-factor authentication codes through fake prompts. Bizarro reaches users through spam emails containing malicious links that deliver an MSI package.

The MSI package then downloads a ZIP archive containing the malicious code, and Bizarro terminates any online banking sessions open on the user’s device. This forces the user to re-enter their credentials, which the malware then steals. Bizarro also gathers information such as the computer’s name, the default browser name, and the name of any installed antivirus software. A screen-capture module constantly monitors the user’s screen for bitcoin wallet addresses; any address it finds is replaced with one belonging to the Bizarro operators.
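The wallet-swapping behaviour described above is a failure mode a defender can check for: the address a user sees on screen, or pastes into a payment field, is not necessarily the address they intended. The following is an added example, not code from the article or from Kaspersky, showing how a payment workflow or a monitoring script can extract Bitcoin-address-like strings from displayed text, verify their Base58Check checksum, and flag any well-formed address that differs from the expected one. It covers only legacy Base58 (P2PKH/P2SH) addresses; the bech32 format and the sample addresses and text are assumptions and constructed inputs chosen for illustration.

```python
import hashlib
import re
from typing import List, Optional

# Bitcoin's Base58 alphabet (no 0, O, I or l, which are easy to confuse on screen).
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Candidate legacy addresses: start with 1 (P2PKH) or 3 (P2SH), 26-35 chars in total.
# Assumption: bech32 "bc1..." addresses are out of scope for this example.
CANDIDATE_RE = re.compile(r"\b[13][" + ALPHABET + r"]{25,34}\b")


def _checksum(payload: bytes) -> bytes:
    """First four bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(payload: bytes) -> str:
    """Encode version byte + hash160 into a Base58Check address."""
    data = payload + _checksum(payload)
    num = int.from_bytes(data, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = ALPHABET[rem] + out
    # Each leading zero byte is encoded as a leading '1'.
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def b58check_decode(addr: str) -> Optional[bytes]:
    """Return the 21-byte payload (version + hash160) if the checksum verifies, else None."""
    num = 0
    for ch in addr:
        idx = ALPHABET.find(ch)
        if idx < 0:
            return None  # character outside the alphabet: not an address
        num = num * 58 + idx
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + body
    if len(raw) != 25 or _checksum(raw[:-4]) != raw[-4:]:
        return None  # wrong length or corrupted/tampered checksum
    return raw[:-4]


def is_valid_address(addr: str) -> bool:
    """True only for a syntactically well-formed legacy address with a good checksum."""
    return b58check_decode(addr) is not None


def audit_displayed_text(text: str, expected: str) -> List[dict]:
    """Report every address-like string in text with its checksum state and whether it
    matches the address the user actually intended to pay."""
    findings = []
    for match in CANDIDATE_RE.finditer(text):
        addr = match.group(0)
        findings.append({
            "address": addr,
            "valid_checksum": is_valid_address(addr),
            "matches_expected": addr == expected,
        })
    return findings


def swapped_addresses(text: str, expected: str) -> List[str]:
    """Well-formed addresses that differ from the expected one: the signature of a swap.
    A mistyped address fails the checksum instead and is reported separately."""
    return [f["address"] for f in audit_displayed_text(text, expected)
            if f["valid_checksum"] and not f["matches_expected"]]


if __name__ == "__main__":
    # Constructed inputs: the well-known genesis-block address as the intended payee,
    # and an address built here from an all-zero hash160 standing in for an attacker's.
    intended = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
    attacker = b58check_encode(b"\x00" + bytes(20))
    screen_text = f"Send payment to {attacker} before 17:00 (constructed sample)"
    for finding in audit_displayed_text(screen_text, intended):
        print(finding)
    print("swapped:", swapped_addresses(screen_text, intended))
```

The distinction the audit draws matters in practice: a swapped address passes the checksum because the attacker substitutes a real address of their own, so checksum validation alone is not a defence. The useful signal is a valid address that does not match what the user intended, which is why the check needs an independent record of the expected payee (for example, the address confirmed out of band or stored in a trusted payee list) rather than whatever the screen currently shows.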

Bizarro’s core is its backdoor component, which supports over 100 commands and lets attackers steal online banking credentials. The backdoor displays fake popup messages to users, but it only becomes active once the malware detects a connection to one of its hardcoded banking sites. Its commands include obtaining data about the user, controlling files, the mouse, and the keyboard on the device, and supporting social engineering.

Bizarro uses social engineering to trick users into giving up their bank account login credentials through message windows that ask for login data or two-factor authentication codes. These fake notifications ask the user to re-enter their credentials or to supply a confirmation code, which lets the malware steal banking credentials quickly. Bizarro also uses JPEG images bearing the target bank’s logo to convince the user that their system has been compromised and needs an update. Other malware families such as Guildma, Javali, and Melcoz originate from Brazil, just like Bizarro, and target users across Europe.
