Saturday, June 15, 2024

Bizarro Banking Trojan Steals Credentials From Customers of 70 Banks in Europe & South America

A new banking trojan has been discovered recently by the security experts at Kaspersky, and it has been dubbed as “Bizarro,” and this new trojan steals credentials from customers of 70 banks in Europe and South America. 

Bizarro is a family of Trojans that is originating in Brazil, and it has already attacked banking entities in various countries around the world.

This new banking trojan uses tactics like social engineering to convince all its victims to hand over their banking credentials. Bizarro is distributed via MSI (Microsoft Installer) packages that the victim downloads from the links attached in spam emails. 

According to the Kaspersky report, Once the victim launches the malicious links from the spam emails they received, Bizarro automatically downloads a ZIP file from a compromised website.

Working Method of Bizarro

To carry out its attacks Bizarro uses affiliates or hires mediators, either by collecting money or simply helping with interpretations.

Here, in return, the threat actors who are after this malware family use different techniques to complicate analysis and detection to trick their victims and gain access to their banking credentials.

Bizarro displays different pop-up windows that imitate the real online banking processes, as in this it tricks the user. All these genuine-looking pop-up windows ask the users for their different data and then use them to carry out monetary or financial transactions.

The operators of this malware could launch 100 commands from a remote server to accumulate all the key data from targeted Windows systems. 

Like this, the threat actors take access to the infected system and get the ability to control the victim’s mouse, keyboard, log keystrokes, capture screenshots, and even limit the functionality of Windows.

Moreover, to store the malware and collect telemetry data, Bizzaro also uses the servers that are hosted on Azure, Amazon (AWS), and even the hacked WordPress servers as well. 

So, when these data sent to the telemetry server, Bizarro quickly starts its screen capture module. In short, the major role of Bizarro is to seize and exfiltrate all the banking credentials of their victims.

Abilities of Bizarro

  • It has the ability to capture login credentials that are entered by their victims on their respective banking sites.
  • It uniformly monitors the victims’ clipboard to find and replace any Bitcoin address with its own.
  • It has the ability to produce fake prompts to solicit 2FA codes.
  • It instantly gets fired up once the user visits one of a set of hardcoded banking sites.


To mitigate this banking trojan, the researchers have strongly recommended some mitigations, and here they are mentioned below:-

  • The cybersecurity experts have strongly recommended the users not to click on any unknown links.
  • They have recommended keeping an eye out for unexpected behavior on your system.
  • Even they have also recommended to keep eye on the pop-up windows, especially while browsing any banking site.
  • Always double check your destination bitcoin addresses before sending them any funds.

However, currently, the analysts have pronounced that there is no exact data is available that how many users were affected by this trojan; as no bank has made any information public regarding this matter.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles