Security News > 2021 > May > 70 European and South American Banks Under Attack By Bizarro Banking Malware
A financially motivated cybercrime gang has unleashed a previously undocumented banking trojan, which can steal credentials from customers of 70 banks located in various European and South American countries.
The campaign consists of multiple moving parts, chief among them being the ability to trick users into entering two-factor authentication codes in fake pop-up windows that are then sent to the attackers, as well as its reliance on social engineering lures to convince visitors of banking websites into downloading a malicious smartphone app.
"When Bizarro starts, it first kills all the browser processes to terminate any existing sessions with online banking websites," the researchers said.
While the trojan's primary function is to capture and exfiltrate banking credentials, the backdoor is designed to execute 100 commands from a remote server that enables it to harvest all kinds of information from Windows machines, control the victim's mouse and keyboard, log keystrokes, capture screenshots, and even limit the functionality of Windows.
Bizarro is only the latest example of how Brazilian banking trojans are increasingly affecting Windows and Android devices, joining the likes of malware such as Guildma, Javali, Melcoz, Grandoreiro, Amavaldo, Ghimob, and BRATA, while simultaneously expanding their victimology footprint across South America and Europe.
"The threat actors behind this campaign are adopting various technical methods to complicate malware analysis and detection, as well as social engineering tricks that can help convince victims to provide personal data related to their online banking accounts," the researchers said.
News URL
Related news
- CISA warns of Microsoft Streaming bug exploited in malware attacks (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (source)
- New BunnyLoader Malware Variant Surfaces with Modular Attack Features (source)
- Over 100 US and EU orgs targeted in StrelaStealer malware attacks (source)
- Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (source)
- Vultur banking malware for Android poses as McAfee Security app (source)
- The Biggest Takeaways from Recent Malware Attacks (source)
- Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)