New Banking Trojan ‘Bizarro’ Circulating Around Europe and South America

By Bill Toulas / May 19, 2021

There’s a new banking trojan that targets European and South American bank customers, and it’s called ‘Bizarro.’ The malware is being distributed in the form of MSI packages which arrive as attachments on spam emails. According to the latest unveiling reports, Bizarro campaigns appear to originate from Brazil, while the actors use compromised WordPress, Amazon, and Azure servers to host their malicious packages.

The capabilities of Bizarro are the following:

Source: Kaspersky

The backdoor offers a lot of options to the attacker, including:

Source: Kaspersky

So far, researchers have seen the trojan mimicking at least 70 banks from various European and South American countries, so Bizarro’s scope is really wide. Most of the infections are in Brazil, Argentina, Chile, Germany, Spain, Portugal, France, and Italy.

Source: Kaspersky

The malware arrives in ZIP form, and it contains the payload “BIZARRO.DLL,” which is written in Delphi. Upon execution, the DLL exports a function that contains the malicious code, while analysts also point out that all functions have been heavily obfuscated to complicate research.

Source: Bank Info Security

If we were to give you a single piece of advice to help you stay protected from these trojans, we would tell you to simply avoid downloading attachments that arrive via unsolicited emails. That should be a rule to follow no matter what claims are made in the content of the message, as these are always crafted to grab your attention and convince you that you need to take action. It’s always clickbait. Finally, keep an up-to-date security solution active on your system and scan files there before opening them.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari