Banking Malware on Attack: A brief overview of 'Bizarro'

July 21, 2021

In the first half of 2021, banking malware has established itself as one of the main trends in the cybercrime landscape.

Brazilian Trojans have grown stronger, and new Trojans have emerged, so companies must be careful.

According to sources and experts in the cyber industry, known malware families in 2021 focus on the theft of bank credentials. These experts point out that the malware monitors activity until people browse their bank's website.

Curious fact

"Several banking Trojans from South America are expanding their operations to other regions, especially Europe. Among them are: Guildma, Javali, Melcoz, Grandoreiro and Amavaldo." - Kaspersky (2021)

A brief overview of 'Bizarro':

'Bizarro' is a family of Brazilian banking Trojans. This malware has attacked users in Spain, Portugal, France, and Italy, and it threatens to attack South American countries by stealing customer credentials.

"Bizarro is made up of x64 modules and is capable of tricking users into entering two-factor authentication codes in fake pop-ups. It can also convince a user to download a smartphone app with the help of social engineering. It uses servers hosted on Azure and Amazon and compromised WordPress servers to store malware and collect telemetry." (Kaspersky, 2021)

'Bizarro' collects the following information about the system it is running on:

  • Computer name
  • Operating system version
  • Default browser name
  • Name of the installed antivirus software

The backdoor, a core component of Bizarro, allows attackers to steal online bank account credentials. Its objective is to attack 70 banks from different European and South American countries.

Implementing security measures helps to avoid these crimes, in conjunction with a robust cybersecurity service that responds to the needs of organizations. That is why THETA432 offers you personalized and high-end programs to protect organizations from within. For more information, send a message to info@theta432.com.

Sources:

  1. Kaspersky. (May 17, 2021). El troyano bancario Bizarro extiende sus ataques hacia Europa. Retrieved from: https://securelist.lat/bizarro-banking-trojan-expands-its-attacks-to-europe/93679/
  2. Vanguardia. (July 19, 2021). Malware amenaza a datos bancarios. Retrieved from: https://vanguardia.com.mx/articulo/malware-amenaza-datos-bancarios

Authored by:

Jorge Daniel Tejeda