Kaspersky Discovers New Banking Malware From Brazil

The malware called Bizarro targeted 70 banks from various countries.

REPUBLIKA.CO.ID, JAKARTA — Kaspersky researchers have found new banking malware from Brazil. The malware, named Bizarro, targets 70 banks from various European and South American countries. Last year, Kaspersky researchers looked at several banking trojans from South America (Guildma, Javali, Melcoz and Grandoreiro) that were expanding their operations worldwide.

Collectively recognized as the “Tetrades”, this family uses a variety of new, sophisticated and innovative techniques. The year 2021 has continued this trend, as a new local player, Bizarro, is starting to go global.

Bizarro is a new banking Trojan family that originated in Brazil and is now also found in other countries, such as Argentina, Chile, Germany, Spain, Portugal, France and Italy. Much like Tetrade, Bizarro uses affiliates or recruits money mules to carry out its attacks, either by making payments or simply helping with translation.

At the same time, the cybercriminals behind this malware family adopt various technical methods to complicate malware analysis and detection. The cybercriminals also use social engineering tricks that help convince targets to provide their online banking credentials.

Bizarro is distributed via an MSI (Microsoft Installer) package, which the victim downloads from a link in a spam email. Once launched, Bizarro downloads a ZIP archive from a compromised website to implement its further malicious functionality.

After sending data to the telemetry server, Bizarro initializes its screen capture module. So far, Kaspersky experts have seen Bizarro use servers hosted on Azure and Amazon, as well as compromised WordPress servers, to store malware and collect telemetry.

Kaspersky researchers highlight that the backdoor is a core component of Bizarro. It contains more than 100 commands and is mostly used for displaying fake pop-up messages to the user. Some of them even try to imitate online banking systems.

Kaspersky security expert Fabio Assolini says cybercriminals are constantly looking for new ways to spread malware that steals credentials for electronic payment and online banking systems. Kaspersky is witnessing a game-changing trend in the distribution of banking malware: regional actors are actively attacking users not only in their own region but all over the world.

“Applying a new technique, Brazilian malware families are starting to distribute their malicious activity to other continents, and Bizarro, which targets users from Europe, is the clearest example of this. This should be a reminder to place greater emphasis on regional threat actor analysis and local threat intelligence, which in only a short time can become a global issue that needs attention,” Assolini commented in a press release received by Republika, Wednesday (2/6).
