
Whoops! New Banking Malware Found That Breaks Into Accounts

Jakarta, CNBC Indonesia – A new Brazilian malware has been discovered by Kaspersky researchers. Named Bizarro, this malware targeted 70 banks in a number of European and South American countries.

“Cybercriminals are constantly looking for new ways to spread credential-stealing malware on electronic payments and online banking systems. Today, we are witnessing a game-changing trend in banking malware distribution: regional actors are actively attacking users, not just in their own region but also around the world,” said Kaspersky security expert Fabio Assolini, quoted Friday (4/6/2021).

“Applying the new technique, this Brazilian malware family began distributing its malicious activity to other continents, and Bizarro, which targets users from Europe, is the clearest example of this. This should serve as a reminder for greater emphasis on threat actor analysis and regional and local threat intelligence, which in the short term can become a global issue of concern.”

The presence of banking trojans is not new. Last year, Kaspersky discovered that there were a number of banking trojans in South America, namely Guildma, Javali, Melcoz and Grandoreiro.

These trojans are expanding their operations around the world and are known to use a variety of new, sophisticated and innovative techniques. In 2021, Bizarro became a new player and shows that the trend among these trojan families is continuing.

In its statement, Kaspersky explained that Bizarro uses affiliates or recruits money mules to operate its attacks. They do this by making payments or helping with translation, as quoted Friday (4/6/2021).

Bizarro is distributed as Microsoft Installer (MSI) packages. The victim downloads the MSI from a link included in a spam email.

After that, Bizarro downloads a ZIP archive from a compromised website and then implements its malicious functions. The trojan sends data to a telemetry server and initiates a screen capture module.

Kaspersky experts have seen Bizarro using servers hosted on Azure and Amazon, as well as WordPress servers. These servers have been compromised to store the malware and collect telemetry.

The backdoor is a core component of the trojan, with more than 100 commands. Most of them are used to display fake pop-up messages to users, and some try to emulate online banking systems.

Kaspersky also provides tips for protecting financial institutions from banking trojans such as Bizarro. The first is to give the Security Operation Center (SOC) team access to the latest threat intelligence. That way, the team can keep up with the current tools and techniques used by threat actors.

Next is improving the SOC team's skill level in dealing with threats. In addition, users should be educated about the potential dangers and the tricks that the perpetrators might use.

This education should be carried out regularly and should cover how to identify fraud and what actions to take.

The last tip is to use an anti-fraud solution. This solution should be able to detect sophisticated fraud cases.


(roy/roy)

