Another threat to the online banking sector has surfaced online. Identified as Bizarro, it is a banking trojan active in the wild and targeting numerous banks. The malware not only aims to steal money but also carries backdoor functionality.
Bizarro Banking Trojan Being Spread Via Spam Emails
Researchers from Kaspersky Labs have discovered new malware active in the wild. Their analysis of “Bizarro” shows it to be a banking trojan closely related to the Tetrade trojan family.
As the researchers explain, the operation does not limit itself to digital means. It relies on money mules at the end of the attack to cash out the stolen funds.
In brief, the attack begins with spam emails that deliver MSI packages. Once the package runs, the malware downloads a ZIP archive from a phishing website containing a malicious DLL, a legitimate AutoHotkey script runner, and a script that calls an exported function from the DLL. That exported function is where the malicious code lives.
Upon reaching the victim’s device, the malware kills existing browser sessions. This forces the victim to restart the online banking session, which requires re-entering credentials, and those credentials are what the malware is after.
To make the credential theft reliable, the malware also disables the browsers’ auto-complete function, so the victim has to type the credentials in full.
Beyond that, the malware carries out further malicious activities such as clipboard monitoring and screen capture, looking for additional data of value, including cryptocurrency wallets.
Moreover, the malware has a backdoor component that supports 100 commands for further malicious activity, such as displaying fake pop-ups and stealing 2FA codes.
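The delivery and credential-theft chain described above (MSI package, ZIP archive with DLL plus AutoHotkey runner plus script, script execution, browser sessions killed) is the kind of sequence a host-level detection can correlate. The following toy correlator is an added example written for this article, not code from Kaspersky’s analysis or from the malware. It works over a constructed list of process and file events with hostnames, file names and a hypothetical `process_term` event type that are all assumptions for illustration; it reports a host only when the AutoHotkey stage is seen together with a delivery stage, since an MSI install or an AutoHotkey script on its own is normal activity.

```python
"""Added example: correlate host events into the Bizarro-style chain described in
the article. All hosts, paths, file names and events below are constructed."""
from dataclasses import dataclass
from typing import Dict, List

# Browser images whose termination matters once the script stage has been seen.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}
# Assumption: the runner is the stock AutoHotkey interpreter. A campaign may rename
# it, so the rule also keys on a .ahk script on the command line.
AHK_RUNNER_NAMES = {"autohotkey.exe", "autohotkeyu64.exe", "autohotkeyu32.exe"}


@dataclass
class Event:
    ts: int              # seconds since start of the constructed trace
    host: str
    kind: str            # "process", "file" or "process_term" (constructed schema)
    image: str = ""      # process image (process / process_term events)
    cmdline: str = ""    # full command line (process events)
    path: str = ""       # file path (file events)


def _basename(p: str) -> str:
    return p.replace("\\", "/").rsplit("/", 1)[-1].lower()


def correlate(events: List[Event], window: int = 600) -> Dict[str, List[str]]:
    """Return, per host, the ordered chain stages seen within `window` seconds of
    the first stage. A host is reported only if the AutoHotkey stage appears
    together with a delivery stage (MSI install or ZIP drop)."""
    by_host: Dict[str, List[Event]] = {}
    for e in sorted(events, key=lambda e: e.ts):
        by_host.setdefault(e.host, []).append(e)

    findings: Dict[str, List[str]] = {}
    for host, evs in by_host.items():
        stages: List[str] = []
        start = None
        for e in evs:
            if start is not None and e.ts - start > window:
                break
            img = _basename(e.image)
            stage = None
            if e.kind == "process" and img == "msiexec.exe" and ".msi" in e.cmdline.lower():
                stage = "msi_install"
            elif e.kind == "file" and e.path.lower().endswith(".zip"):
                stage = "zip_dropped"
            elif e.kind == "process" and (img in AHK_RUNNER_NAMES or ".ahk" in e.cmdline.lower()):
                stage = "ahk_script_run"
            elif e.kind == "process_term" and img in BROWSERS and "ahk_script_run" in stages:
                # Browser killed after the script stage: the forced re-login step.
                stage = "browser_killed"
            if stage and stage not in stages:
                stages.append(stage)
                if start is None:
                    start = e.ts
        if "ahk_script_run" in stages and ("msi_install" in stages or "zip_dropped" in stages):
            findings[host] = stages
    return findings


# Constructed trace: ws-01 shows the full chain, ws-02 is a normal MSI install,
# ws-03 is a developer running AutoHotkey with no delivery stage.
SAMPLE_EVENTS = [
    Event(0, "ws-01", "process", image="C:\\Windows\\System32\\msiexec.exe",
          cmdline="msiexec.exe /i C:\\Users\\u\\Downloads\\invoice.msi /qn"),
    Event(20, "ws-01", "file", path="C:\\Users\\u\\AppData\\Local\\Temp\\pkg.zip"),
    Event(25, "ws-01", "process", image="C:\\Users\\u\\AppData\\Local\\Temp\\AutoHotkeyU64.exe",
          cmdline="AutoHotkeyU64.exe run.ahk"),
    Event(30, "ws-01", "process_term", image="chrome.exe"),
    Event(31, "ws-01", "process_term", image="msedge.exe"),
    Event(0, "ws-02", "process", image="msiexec.exe", cmdline="msiexec.exe /i setup.msi"),
    Event(100, "ws-02", "process_term", image="chrome.exe"),
    Event(5, "ws-03", "process", image="AutoHotkey.exe", cmdline="AutoHotkey.exe hotkeys.ahk"),
]


def demo() -> Dict[str, List[str]]:
    return correlate(SAMPLE_EVENTS)


if __name__ == "__main__":
    for host, stages in demo().items():
        print(f"{host}: {' -> '.join(stages)}")
```

Only the host with the full chain is reported; the other two show why the rule requires both a delivery stage and the script stage before browser terminations are treated as suspicious.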
The researchers have shared the detailed technical analysis of the malware in their post.
Malware Campaign Targeted 70 Banks
The researchers observed active Bizarro campaigns in the wild targeting European and South American banks.
The affected regions predominantly include Brazil, Argentina, Chile, Germany, Spain, Portugal, France, and Italy. So far, the trojan has targeted around 70 different banks.
Given the severity of Bizarro, users should keep their devices protected with robust anti-malware tools.