Wednesday, September 22 2021

A banking trojan named Bizarro has expanded its attacks to target customers of 70 European and South American banks. The banking trojan, which originates in Brazil, is spread through phishing emails and affects Windows systems.

Researchers at Kaspersky Labs discovered the banking trojan. The group relies on affiliates and recruiting money mules to use social engineering to trick users into using fake two-factor identification codes. Bizzaro reaches users by sending spam emails with fake links to users, which distributes an MSI package.

The trojan then downloads a ZIP archive which contains the malicious code, and then Bizzaro eliminates any current online banking websites on the user’s device. This forces the user to re-enter their credentials which are then stolen by the malware. Bizarro focuses on gathering information such as the computer’s name, default browser name, and installed antivirus software name. The malware uses a screen capturing module to monitor the user’s screen for bitcoin wallet addresses constantly. This wallet is then replaced with one that belongs to the Bizarro malware developers.

Bizarro is rooted in its backdoor component, which supports over 100 commands and allows attackers to steal online banking credentials. These commands display fake popup messages to users but only becomes active once the malware finds a connection to one of the hardcoded banking systems. Bizarro receives many commands such as obtaining data about the user, allowing control of the files, mouse, and keyboard on the device, and commands that enable social engineering.

Bizarro uses social engineering by tricking the users into giving their bank account login credentials through message windows asking for login data or two-factor authentication. These messages provide the user with fake notifications asking to re-enter their credentials or asking for a confirmation code. These methods allow the malware to steal the user’s banking credentials swiftly and promptly. Bizarro also uses JPEG images with the target bank’s logo to convince the user that their system has been compromised and needs an update. Other malware such as Guildma, Javali, and Melcoz originate from Brazil just like Bizarro and target users all over Europe.

Previous

S&P Hints at Rating Downgrades for Poor Cyber… Again

Next

Cybersecurity M&A and Funding Update: May 28

Check Also

Widget

Don’t Miss

Cyber Deal Update: Upstream Security, Hunters, build.security

Khushi Arora

Upstream Security and Hunters complete Series C and Series A funding rounds, respectively. Elastic NV acquires build.security. Funding Upstream Security, an Israeli provider of automotive cybersecurity and a data analytics platform for connected vehicles, has closed a $62 million Series C funding round led by Mitsui Sumitomo Insurance, along with new investors I.D.I. Insurance, NextGen […]

Cyber Deal Update: Loop Secure, Intelligent Automation, Blumira

Khushi Arora

Tesserent acquires Loop Secure to complement its own services, and BlueHalo merges with Intelligent Automation. Blumira completes a Series A funding round. Mergers and Acquisitions Tesserent, an Australian network security company, has announced its intent to acquire Loop Secure, a provider of managed security services, governance risk and compliance, and offensive security services also based […]

Cyber Deal Update: FHIRBlocks, InfoSum

Khushi Arora

Healthcare cybersecurity company ConsenSys Health acquires FHIRBlocks. InfoSum and Monte Carlo close a Series B and Series C funding round, respectively. Mergers and Acquisitions Otava, a Michigan-headquartered cloud solutions provider, has announced its acquisition of NewCloud Networks, a Colorado-based cloud computing services provider. The acquisition provides Otava a product portfolio that includes security services, cloud […]

Cyber Deal Update: Carve Systems, Baffle, Certik

Khushi Arora

iVision acquires Carve Systems, Baffle closes a Series B funding round, and CertiK closes adds to its Series B funding round announced last month. Mergers and Acquisitions iVision, a Georgia-based provider of IT infrastructure and application solutions, has acquired Carve Systems, a New York-based cybersecurity company that provides security testing, security engineering, and security strategy […]

Cyber Executive Moves: Aegon Asset Management, Tego Cyber

Khushi Arora

Aegon Asset Management hires former COO of MN and Tego Cyber gains a new CISO. Aegon Asset Management, based in The Netherlands, has appointed Nicole Grootveld-Sandig as its chief technology officer. Grootveld-Sandig joins Aegon from the Dutch specialist pensions management company MN NV. Tego Cyber, a Nevada-based developer of cyber threat intelligence solutions, has hired […]

Cyber Deal Update: Appriss Insights, Espagon

Khushi Arora

Equifast acquires data analytics company Appriss Insights, while Cisco acquires observability provider Espagon. Mergers and Acquisitions Equifax, an Atlanta-based global data, analytics and technology company, has announced its acquisition of Appriss Insights, a Kentucky-based information technology company providing customized solutions to enhance security and financial processes for businesses, for $1.825 billion. “We are extending the […]