New Banking Trojan ‘Bizarro’ Circulating Around Europe and South America

  • There’s a new banking trojan called ‘Bizarro,’ which is targeting a wide scope of bank customers.
  • The trojan is spreading in Europe and South America, while the actors are based in Brazil.
  • The info-stealing capabilities of Bizarro are impressive, but the infection trick remains simple.

There’s a new banking trojan that targets European and South American bank customers, and it’s called ‘Bizarro.’ The malware is distributed as MSI packages that arrive as attachments to spam emails. According to the latest reports, Bizarro campaigns appear to originate from Brazil, while the actors use compromised WordPress, Amazon, and Azure servers to host their malicious packages.

The capabilities of Bizarro are the following:

  • It can capture login credentials entered on banking sites. To speed up this process, it reportedly closes your existing browser windows, so you are forced to log in. Bizarro also creates fake prompts to solicit 2FA codes.
  • Bizarro constantly monitors the clipboard and will replace any Bitcoin address it finds there with its own (hoping, of course, to capture any transfers that were supposed to be paid into the original address).
  • And last but not least, it is a full-blown backdoor, which gets fired up as soon as the user visits one of a set of hardcoded banking sites.
Source: Kaspersky

The backdoor offers a lot of options to the attacker, including:

  • Gathering data about the infected system and sending it to the C&C server.
  • Searching for and stealing files from the infected computer.
  • Dropping files on the affected system (such as other malware).
  • Remote control of the mouse and keyboard.
  • Keylogging.
  • Creating fake popup windows and messages. The messages are intended to slow down the user’s response time and include progress bars.
  • Emulating banking sites on the fly.

So far, researchers have seen the trojan mimicking at least 70 banks from various European and South American countries, so Bizarro’s scope is really wide. Most of the infections are in Brazil, Argentina, Chile, Germany, Spain, Portugal, France, and Italy.


The malware arrives as a ZIP archive that contains the payload “BIZARRO.DLL,” which is written in Delphi. Upon execution, the DLL exports a function that contains the malicious code, and analysts also point out that all functions have been heavily obfuscated to complicate research.

Source: Bank Info Security

If we were to give you a single piece of advice to help you stay protected from these trojans, we would tell you to simply avoid downloading attachments that arrive via unsolicited emails. That should be a rule to follow no matter what claims are made in the content of the message, as these are always crafted to grab your attention and convince you that you need to take action. It’s always clickbait. Finally, keep an up-to-date security solution active on your system and scan files there before opening them.
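For mail administrators, the same advice can be enforced at the gateway. The sketch below is an added example, not code from the article or from the researchers it cites: it parses a message, looks inside ZIP attachments, and flags installer or DLL content of the kind described above. The extension list, the limits, and all file names are assumptions, and the sample message is constructed and inert.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = (".msi", ".dll", ".exe", ".scr", ".js", ".vbs")  # assumed blocklist
MAX_MEMBER = 50 * 1024 * 1024  # skip members whose declared size exceeds this
MAX_DEPTH = 2                  # nested-archive limit

def inspect_blob(name, data, depth=0):
    """Return reasons an attachment or archive member should be quarantined."""
    reasons = []
    if name.lower().endswith(RISKY_EXT):
        reasons.append(f"{name}: executable/installer extension")
    if data[:2] == b"MZ" and not name.lower().endswith((".exe", ".dll", ".scr")):
        reasons.append(f"{name}: PE header behind a non-executable name")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return reasons
    if depth >= MAX_DEPTH:
        return reasons + [f"{name}: archive nesting too deep"]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member = f"{name}/{info.filename}"
            if info.flag_bits & 0x1:  # encrypted entry, content is opaque
                reasons.append(f"{member}: encrypted, cannot inspect")
            elif info.file_size > MAX_MEMBER:
                reasons.append(f"{member}: oversized member")
            else:
                reasons += inspect_blob(member, zf.read(info), depth + 1)
    return reasons

def triage(raw_email):
    """Parse an RFC 5322 message and inspect every attachment."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        findings += inspect_blob(part.get_filename() or "unnamed", data)
    return findings

def build_sample(member="invoice/payload.dll", content=b"MZ" + b"\x00" * 64):
    """Constructed message: a ZIP attachment holding one inert placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, content)
    msg = EmailMessage()
    msg.set_content("body")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Calling `triage(build_sample())` returns one finding for the DLL inside the archive; a message whose archive holds only a text file returns an empty list.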
