Kaspersky researchers discovered a new banking malware from Brazil called Bizarro, targeting 70 banks from different European and South American countries.
Last year, Kaspersky researchers also saw several so-called banking Trojans from South America (Guildma, Javali, Melcoz, and Grandoreiro) expanding their operations around the world.
Bizarro is a family of banking Trojans from Brazil, and is now also active in other countries, such as the Netherlands, Argentina, Chile, Germany, Spain, France and Italy.
Like Tétrade, Bizarro uses associates or recruits money mules to carry out its attacks, pay compensation, or just help with translation. Meanwhile, the cybercriminals behind this malware family are using various technical methods to complicate malware analysis and detection, as well as social engineering tricks to persuade targets to give up their online banking credentials.
Bizarro is distributed via MSI (Microsoft Installer) packages, which victims download through links in spam emails. Once started, Bizarro downloads a zip archive from a compromised website to perform its other malicious functions. After sending the data to the telemetry server, Bizarro initializes the screen capture module. So far, Kaspersky experts have seen Bizarro using servers hosted on Azure and Amazon, as well as vulnerable WordPress servers, to store malware and collect data remotely.