Bizarro is an adjective that means “brave, generous, lucid, splendid.” It is also the name of a comic book villain from the publisher DC and, more recently, of a new malware that is driving the digital security teams of various banks around the world crazy.
Cybersecurity company Kaspersky has discovered and reported a new family of banking Trojans from Brazil that has already spread to other countries such as Spain, Germany, France, Italy, Portugal, Argentina, and Chile. In fact, Spain is the European country most attacked by Bizarro, which has affected 22 Spanish banking entities. In the rest of the world, the Trojan has attacked 70 different banks.
Kaspersky has highlighted “the globalization of attacks” that Bizarro reveals, since “through the application of new techniques, Brazilian ‘malware’ families have begun to spread to other continents, and Bizarro, aimed mainly at European users, is a clear example of this,” says Fabio Assolini, the company’s security expert.
Infection by intermediaries
How does this new banking Trojan work? Bizarro uses affiliates or hires intermediaries to make its attacks operational, either by charging or simply by helping with translations, as Kaspersky reported in a statement. In turn, the cybercriminals behind the Trojan family use various techniques to complicate analysis and detection, as well as social engineering tricks that help convince victims to provide their banking credentials.
Bizarro is distributed via MSI (Microsoft Installer) packages, which are downloaded by victims from links in ‘spam’ emails. Once executed, the malware downloads a ZIP file from a compromised website to implement its additional malicious functions.
Bizarro starts its screen capture module once the data has been sent to the telemetry server. It collects that data through servers hosted on Azure and Amazon and through compromised WordPress servers, which are also used to store the malware. Kaspersky researchers stress that the main component of Bizarro is the ‘backdoor’, which contains more than 100 commands, most of them used to display fake popup messages to users. Some of these messages even try to imitate online banking systems.
At the moment we have not had news or notices from any bank in the country about this, so it seems that either Bizarro has not been successful in any of its attacks in Spain, or some entity that has been affected has not made it public yet.