Kaspersky researchers have discovered a new banking malware originating from Brazil. The new malware could be seeking to exploit weaknesses in banking systems across the globe.
Last year, Kaspersky researchers noticed that several banking Trojans originating in South America had begun to spread to banks in countries other than Brazil. The now-famous Bizarro virus targeted about 70 banks in various European and South American countries.
These Trojans are collectively known as the “Tétrade” family and are characterized by new, innovative, and sophisticated techniques. This trend looks set to continue in 2021, with a new local player, Bizarro, becoming a worldwide phenomenon.
As in the case of Bizarro, the operators use partners or recruit money launderers (“money mules”) to carry out their attacks, pay out money, or help with the transactions.
The cybercriminals behind the malware family appear to use a variety of technical methods to make malware analysis and detection more complex, along with psychological manipulation tricks to convince targets to provide online banking information.
Bizarro is distributed via Microsoft installation packages that victims download from links in spam emails. Once Bizarro launches, it downloads a ZIP archive from a compromised website to perform other malicious functions.
Once the server connection is established, Bizarro starts the screen capture module.
According to Kaspersky experts, Bizarro uses servers hosted on Azure and Amazon, as well as hacked WordPress sites, to store malware, collect data, and hack its targets.