A banking trojan named Bizarro, which originates from Brazil, has crossed borders and started to target customers of 70 banks in Europe and South America.
Once it lands on a Windows system, the malware can force users into entering banking credentials, and it uses social engineering to steal two-factor authentication codes.
The malware spreads through phishing emails that are typically disguised as official tax-related messages informing recipients of outstanding obligations.
The download link in the message retrieves Bizarro as an MSI package. After being launched, the malware downloads a ZIP archive containing the malicious components needed for the attack from hacked WordPress, Amazon, and Azure servers.
Bizarro can receive the following types of commands from its command and control server:
- fetch data about the victim and manage the connection status
- allow control of the files on the hard drive
- allow control of the mouse and keyboard
- shut down, restart or destroy the operating system and limit the functionality of Windows
- log keystrokes
- commands that enable social engineering attacks