When it comes to cyber attacks, they can come from anywhere in the world, and there are countries with a long tradition in this area. Brazil is one of them, a country from which a new banking Trojan has come from which they have assigned the name of Bizarro.
In this sense, Bizarro belongs to a family of Trojans that has been used as a tool to commit cyber attacks against banks in countries such as Spain, Portugal, Italy and France, although they also affect Latin America.
As for the way it works, this Trojan uses social engineering techniques to trick its victims into providing their personal and banking details. Its dissemination is carried out through MSI (Microsoft Installer) packages that come into action when downloaded by the victim through links included in spam emails.
Subsequently, Bizarro proceeds to download a ZIP file that comes from a disreputable website. For its part, the Kaspersky team In charge of the investigation, he had the opportunity to witness how this Trojan works by hacking WordPress, Amazon and Azure servers, which were used to store malicious files.
When a client accesses the bank’s page, Bizarro takes action by displaying a message on the screen where the user is notified that it is blocked and that the installation of security updates is being carried out. The user is asked to skip the update and continue with their transactions as this is only a customer identity confirmation process. This makes the person trust the message and approve the transactions that are requested by the Trojan.
There are several ways in which this Trojan obtains information from the user, either by asking them to send their two-step authentication passwords or by means of a strategy aimed at convincing the victim to install a malicious app on their smartphone. .