Overlay Malware Targets Windows Users with a DLL Hijack Twist
2020-10-19 17:05

Brazilians are being warned of a new overlay malware targeting Windows users in order to siphon victims' financial data and drain their bank accounts.

The malware, named Vizom, is similar to other overlay malware strains in that it arrives via malspam and phishing campaigns delivered to potential victims' inboxes.

First, the dropper downloads an executable, then unpacks the video conferencing software and a malware DLL payload, explained Nahman in a breakdown of the malware infection chain posted Monday.

Post infection, the malware monitors browser activity, communicates with the attackers' command-and-control server, captures keystrokes and deploys its overlay screen above a bank's website that the attackers have preselected.

The actual data pilfered from targets is collected with a keylogger and then sent to the attacker's C2. Of note, according to Nahman, is that Vizom "Generates an HTML file from encrypted strings, then opens it with the 'Vivaldi' browser in application mode." This, he said, is not typical of similar overlay malware and allows the application to be executed on a single web page without the typical browser's user interface - preventing the infected victim from taking on-screen actions.
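For defenders, the application-mode launch described above leaves a trace in process-creation logs. The following is an added detection sketch, not code from the article or from the researchers. It assumes "application mode" corresponds to the Chromium `--app=` switch, and every path, user name and event in it is constructed.

```python
import re
from pathlib import PureWindowsPath

# Assumption: "application mode" maps to the Chromium --app=<url> switch.
APP_SWITCH = re.compile(r'--app=(?:"([^"]+)"|(\S+))', re.IGNORECASE)
BROWSERS = {"vivaldi.exe", "chrome.exe", "msedge.exe", "brave.exe"}
# Parents that normally start a browser (shell shortcut or the browser itself).
EXPECTED_PARENTS = BROWSERS | {"explorer.exe"}
# scheme:// URLs other than file: are remote pages (installed web apps).
REMOTE_SCHEME = re.compile(r"^(?!file:)[a-z][a-z0-9+.-]*://", re.IGNORECASE)

def app_target(cmdline):
    """Return the value passed to --app=, or None if the switch is absent."""
    m = APP_SWITCH.search(cmdline)
    return (m.group(1) or m.group(2)) if m else None

def score_event(ev):
    """Return the reasons a process-creation event deserves a closer look."""
    if PureWindowsPath(ev["image"]).name.lower() not in BROWSERS:
        return []
    target = app_target(ev["cmdline"])
    if target is None or REMOTE_SCHEME.match(target):
        return []
    reasons = ["app-mode window on a local page: " + target]
    if PureWindowsPath(ev["parent"]).name.lower() not in EXPECTED_PARENTS:
        reasons.append("started by non-shell parent: " + ev["parent"])
    return reasons

def triage(events):
    return [(i, r) for i, ev in enumerate(events) if (r := score_event(ev))]

# Constructed process-creation events (hypothetical paths, not real telemetry).
SAMPLE_EVENTS = [
    {"image": r"C:\Users\ana\AppData\Local\Vivaldi\Application\vivaldi.exe",
     "parent": r"C:\Users\ana\AppData\Roaming\conf\meeting.exe",
     "cmdline": r'vivaldi.exe --app="C:\Users\ana\AppData\Local\Temp\page.html"'},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": "chrome.exe --app=https://mail.example.com/"},
    {"image": r"C:\Users\ana\AppData\Local\Vivaldi\Application\vivaldi.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": "vivaldi.exe"},
    {"image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": "msedge.exe --app=file:///C:/Users/ana/Documents/notes.html"},
]

if __name__ == "__main__":
    print(*triage(SAMPLE_EVENTS), sep="\n")
```

A local page opened from the shell can be legitimate, so the parent-process reason is the one that raises priority.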


News URL

https://threatpost.com/overlay-malware-dll-hijack/160288/