May 18, 2021
Kaspersky researchers have discovered a new banking malware from Brazil, named Bizarro, targeting 70 banks from different European and South American countries.
Last year, Kaspersky researchers saw several banking trojans from South America (Guildma, Javali, Melcoz and Grandoreiro), expanding their operations all over the globe. Collectively recognised as “the Tétrade”, these families employed a variety of new, innovative and sophisticated techniques. 2021 has seen a continuation of this trend as a new local player, Bizarro, goes global.
Bizarro is a new banking Trojan family originating in Brazil, that is now also in other countries, such as Argentina, Chile, Germany, Spain, Portugal, France, and Italy. Just like Tétrade, Bizarro is using affiliates or recruiting money mules to operationalise their attacks, doing the cashout or simply helping with translations.
The advanced Brazilian malware has gone global, harvesting bank logins from Android mobile users.
A never-before-documented Brazilian banking trojan, dubbed Bizarro, is targeting customers of 70 banks scattered throughout Europe and South America, researchers said.
According to an analysis from Kaspersky released Monday, Bizarro is a mobile malware, aimed at capturing online-banking credentials and hijacking Bitcoin wallets from Android users. It spreads via Microsoft Installer packages, which are either downloaded directly by victims from links in spam emails or installed via a trojanized app, according to the analysis.
Once installed, it kills all running browser processes to terminate any existing sessions with online banking websites so, when a user initiates a mobile banking session, they have to sign back in, allowing the malware to harvest the details. To maximize its success, Bizarro disables autocomplete in the browser, and even surfaces fake popups to snatch two-factor
GitHub - dolthub/dolt: Dolt – It s Git for Data github.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from github.com Daily Mail and Mail on Sunday newspapers.
MountLocker s News & Leaks site hosted on the darknet (Source: BlackBerry)
BlackBerry researchers are tracking a relatively new ransomware variant called MountLocker and the operators behind it, who are using affiliate cybercriminal gangs to help spread the malware, exfiltrate data and extort victims, sometimes for millions of dollars.
The ransomware was first spotted by BlackBerry s Incident Response Team in July, and its code was updated in November to allow MountLocker to better target certain files and evade security tools, according to the researchers report.
BlackBerry researchers note that only five victims are listed on MountLocker s News & Leaks site hosted on the darknet, but the report warns that its operators and affiliates are poised to expand, and there s likely more victims than currently known.