Bizarro banking malware targets 70 banks in Europe and South America
A banking trojan named Bizarro that originates from Brazil has crossed the borders and started to target customers of 70 banks in Europe and South America.
Once it has landed on a Windows system, the malware can force users into entering banking credentials and uses social engineering to steal two-factor authentication codes.
The expansion
Bizarro is under constant development as its author keeps expanding the list of supported banks and modifying it to improve anti-analysis protections.
Statistics from cybersecurity company Kaspersky show that Bizarro’s targets are now customers of banks in Europe (Germany, Spain, Portugal, France, Italy) and South America (Chile, Argentina, Brazil).
Banking Trojan Bizarro Targets Customers with Spear-Phishing Campaigns
The Attackers Use Advanced Social Engineering Tricks to Lure the Victims into Providing Data Related to Their Online Banking Accounts.
LAST UPDATED ON MAY 20, 2021
A new banking Trojan called “Bizarro” is now targeting European banking customers through a spear-phishing campaign in an attempt to steal credentials.
This week, Securelist researchers released a report saying the Brazil-originating Trojan is striking users in Brazil, Argentina, Chile, Spain, Portugal, France, and Italy, with bank customers being manipulated into handing over their account credentials for the purposes of financial theft.
May 18, 2021
Kaspersky researchers have discovered a new banking malware from Brazil, named Bizarro, targeting 70 banks from different European and South American countries.
Last year, Kaspersky researchers saw several banking trojans from South America (Guildma, Javali, Melcoz and Grandoreiro) expanding their operations all over the globe. Collectively recognised as “the Tétrade”, these families employed a variety of new, innovative and sophisticated techniques. 2021 has seen a continuation of this trend as a new local player, Bizarro, goes global.
Bizarro is a new banking Trojan family originating in Brazil that is now also found in other countries, such as Argentina, Chile, Germany, Spain, Portugal, France, and Italy. Just like Tétrade, Bizarro is using affiliates or recruiting money mules to operationalise its attacks, doing the cashout or simply helping with translations.
The advanced Brazilian malware has gone global, harvesting bank logins from Android mobile users.
A never-before-documented Brazilian banking trojan, dubbed Bizarro, is targeting customers of 70 banks scattered throughout Europe and South America, researchers said.
According to an analysis from Kaspersky released Monday, Bizarro is a mobile malware, aimed at capturing online-banking credentials and hijacking Bitcoin wallets from Android users. It spreads via Microsoft Installer packages, which are either downloaded directly by victims from links in spam emails or installed via a trojanized app, according to the analysis.
Once installed, it kills all running browser processes to terminate any existing sessions with online banking websites so, when a user initiates a mobile banking session, they have to sign back in, allowing the malware to harvest the details. To maximize its success, Bizarro disables autocomplete in the browser, and even surfaces fake popups to snatch two-factor