70 European and South American Banks Under Attack By Bizarro Banking Malware (May 2021)
A financially motivated cybercrime gang has unleashed a previously undocumented banking trojan, which can steal credentials from customers of 70 banks located in various European and South American countries.
The campaign consists of multiple moving parts, chief among them the ability to trick users into entering two-factor authentication codes in fake pop-up windows, which are then sent to the attackers, and a reliance on social engineering lures to convince visitors of banking websites to download a malicious smartphone app.
"When Bizarro starts, it first kills all the browser processes to terminate any existing sessions with online banking websites," the researchers said.
While the trojan's primary function is to capture and exfiltrate banking credentials, the backdoor is designed to execute 100 commands from a remote server that enable it to harvest all kinds of information from Windows machines, control the victim's mouse and keyboard, log keystrokes, capture screenshots, and even limit the functionality of Windows.
Bizarro is only the latest example of how Brazilian banking trojans are increasingly affecting Windows and Android devices, joining the likes of malware such as Guildma, Javali, Melcoz, Grandoreiro, Amavaldo, Ghimob, and BRATA, while simultaneously expanding their victimology footprint across South America and Europe.
"The threat actors behind this campaign are adopting various technical methods to complicate malware analysis and detection, as well as social engineering tricks that can help convince victims to provide personal data related to their online banking accounts," the researchers said.