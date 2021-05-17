The new family of banking Trojans from Brazil has already spread to countries such as Spain, Germany, France, Italy, Portugal, Argentina and Chile

Cybersecurity company Kaspersky notes that infected files reach victims from links in ‘spam’ emails

Spain is the European country most affected by the new Bizarro banking Trojan, a Brazilian malware that has already attacked 70 different banks around the world. From them, 22 are Spanish banks. This virus enters computers when a user downloads an infected file from an email.

The cybersecurity company Kaspersky, which has discovered the new threat, points out that Bizarro uses affiliates or hires intermediaries to carry out its attacks, either by collecting money or simply helping with translations. In turn, the cybercriminals who are after this family of ‘malware’ are using different techniques to complicate analysis and detectionas well as social engineering tricks that help convince victims to provide their banking credentials.

How to enter the system

Bizarro is distributed via MSI (Microsoft Installer) packages, which are downloaded by victims from links in ‘spam’ emails. Once executed, Bizarro downloads a ZIP file from a compromised website to implement its additional malicious functions.

Bizarro starts the screen capture module once the data has been sent to the telemetry server, which it collects through servers hosted in Azure, Amazon and WordPress servers compromised to store the ‘malware’.

Kaspersky researchers stress that the main component of Bizarro is the ‘backdoor’, which contains more than 100 commands and most of them are used to show fake pop-up messages to users. Some of them even try to imitate online banking systems.

Kaspersky has highlighted “the globalization of attacks” that Bizarro reveals, since “through the application of new techniques, Brazilian malware families have begun to spread to other continents, and Bizarro, aimed mainly at European users, is the clear example of this “, points out Fabio Assolini, Kaspersky security expert. These ‘malware’ have already reached countries such as Spain, Germany, France, Italy, Portugal, Argentina and Chili.