Spain is the European country most affected by Bizarro, a new Brazilian banking Trojan that has already attacked 70 different banks around the world, 22 of them Spanish.
The cybersecurity company Kaspersky, which discovered the new threat, has reported a new family of banking Trojans from Brazil that has already spread to other countries, including Spain, Germany, France, Italy, Portugal, Argentina and Chile.
Bizarro uses affiliates or hires intermediaries to carry out its attacks, whether by collecting money or simply by helping with translations, Kaspersky reported in a statement.
The cybercriminals behind this malware family, in turn, use several techniques to complicate analysis and detection, as well as social engineering tricks that help convince victims to hand over their banking credentials.
Bizarro is distributed via MSI (Microsoft Installer) packages, which victims download from links in spam emails. Once executed, Bizarro downloads a ZIP file from a compromised website to implement its additional malicious functions.
Bizarro starts its screen capture module once the data has been sent to the telemetry server. It collects that data through servers hosted on Azure and Amazon and through WordPress servers compromised to store the malware.
Kaspersky researchers stress that the main component of Bizarro is the backdoor, which contains more than 100 commands, most of which are used to display fake pop-ups to users. Some of these pop-ups even try to imitate online banking systems.
Kaspersky has highlighted “the globalization of attacks” that Bizarro reveals, since “through the application of new techniques, Brazilian malware families have begun to spread to other continents, and Bizarro, aimed mainly at European users, is the clear example of this,” says Fabio Assolini, Kaspersky security expert.