Sunday, December 29, 2024
HomeMalwareBizarro Banking Trojan Steals Credentials From Customers of 70 Banks in Europe...

Bizarro Banking Trojan Steals Credentials From Customers of 70 Banks in Europe & South America

Published on

SIEM as a Service

A new banking trojan has been discovered recently by the security experts at Kaspersky, and it has been dubbed as “Bizarro,” and this new trojan steals credentials from customers of 70 banks in Europe and South America. 

Bizarro is a family of Trojans that is originating in Brazil, and it has already attacked banking entities in various countries around the world.

This new banking trojan uses tactics like social engineering to convince all its victims to hand over their banking credentials. Bizarro is distributed via MSI (Microsoft Installer) packages that the victim downloads from the links attached in spam emails. 

- Advertisement - SIEM as a Service

According to the Kaspersky report, Once the victim launches the malicious links from the spam emails they received, Bizarro automatically downloads a ZIP file from a compromised website.

Working Method of Bizarro

To carry out its attacks Bizarro uses affiliates or hires mediators, either by collecting money or simply helping with interpretations.

Here, in return, the threat actors who are after this malware family use different techniques to complicate analysis and detection to trick their victims and gain access to their banking credentials.

Bizarro displays different pop-up windows that imitate the real online banking processes, as in this it tricks the user. All these genuine-looking pop-up windows ask the users for their different data and then use them to carry out monetary or financial transactions.

The operators of this malware could launch 100 commands from a remote server to accumulate all the key data from targeted Windows systems. 

Like this, the threat actors take access to the infected system and get the ability to control the victim’s mouse, keyboard, log keystrokes, capture screenshots, and even limit the functionality of Windows.

Moreover, to store the malware and collect telemetry data, Bizzaro also uses the servers that are hosted on Azure, Amazon (AWS), and even the hacked WordPress servers as well. 

So, when these data sent to the telemetry server, Bizarro quickly starts its screen capture module. In short, the major role of Bizarro is to seize and exfiltrate all the banking credentials of their victims.

Abilities of Bizarro

  • It has the ability to capture login credentials that are entered by their victims on their respective banking sites.
  • It uniformly monitors the victims’ clipboard to find and replace any Bitcoin address with its own.
  • It has the ability to produce fake prompts to solicit 2FA codes.
  • It instantly gets fired up once the user visits one of a set of hardcoded banking sites.

Mitigation

To mitigate this banking trojan, the researchers have strongly recommended some mitigations, and here they are mentioned below:-

  • The cybersecurity experts have strongly recommended the users not to click on any unknown links.
  • They have recommended keeping an eye out for unexpected behavior on your system.
  • Even they have also recommended to keep eye on the pop-up windows, especially while browsing any banking site.
  • Always double check your destination bitcoin addresses before sending them any funds.

However, currently, the analysts have pronounced that there is no exact data is available that how many users were affected by this trojan; as no bank has made any information public regarding this matter.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Cyberhaven Hacked – Chrome Extension With 400,000 users Compromised

Cyberhaven, a prominent cybersecurity company, disclosed that its Chrome extension With 400,000+ users was...

AT&T and Verizon Hacked – Salt Typhoon Compromised The Network For High Profiles

AT&T and Verizon Communications, two of America's largest telecommunications providers, have confirmed they were...

Lumma Stealer Attacking Users To Steal Login Credentials From Browsers

Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a...

New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers

Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Lumma Stealer Attacking Users To Steal Login Credentials From Browsers

Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a...

New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers

Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated...

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...