The arrival of Brazilian Trojans in Spain is already a classic. It was a real trend during 2020, and Kaspersky is now raising the alarm about a threat that comes from the South American country. Bizarro is the name of a family of banking Trojans that has left its country of origin to spread through Spain, Portugal, Germany, France and Italy in Europe, and Argentina and Chile in America. It has attacked 70 banks, and Spain is among the most affected places, with a total of 22 entities attacked so far.

Like Tetrade, Bizarro uses affiliates or hires intermediaries to carry out its attacks, whether to collect money or simply to help with translations. In turn, the cybercriminals behind this family of malware are using different techniques to complicate its analysis and detection, as well as social engineering tricks that help convince victims to provide their banking credentials.

This threat is understood to be distributed via MSI (Microsoft Installer) packages, which are downloaded by victims from links in spam emails. Once executed, Bizarro downloads a ZIP file from a compromised website to implement its additional malicious functions. Once the data has been sent to the telemetry server, Bizarro starts the screen capture module.

Kaspersky stresses that the main component of Bizarro is the backdoor, which contains more than 100 commands, most of which are used to display fake pop-up messages to users. Some of them even try to imitate online banking systems.

Fabio Assolini, Kaspersky security expert, warns that “By applying new techniques, Brazilian malware families have begun to spread to other continents and Bizarro, aimed mainly at European users, is a clear example of this.”

In order to protect financial institutions from banking Trojans like Bizarro or others like it, Kaspersky experts recommend:

Give your SOC team access to the latest threat information to keep you up to date on new tools and techniques used by cybercriminals. Kaspersky Financial Threat Intelligence Reporting contains IoCs, Yara rules and hashes for all these threats.

Enhance the skills of your SOC team to deal with the latest targeted threats with Kaspersky online training developed by GReAT experts.

Inform your customers about the possible dangers and tricks that cybercriminals can use.

Implement an anti-fraud solution that can detect sophisticated fraud.
