Internet banking is one of the main activities hackers target on computers and smartphones. Security has increased dramatically in recent years to minimize risk for consumers, but the users themselves are still the weakest link in the system. Accidentally installing a malicious application is enough for hackers to try to steal your digital assets, whether personal data or cash.
Bizarro is the name of a banking trojan that has wreaked havoc in Brazil, and the hackers behind the project are expanding their scope by targeting other regions. The sophisticated trojan has been found in Europe and parts of South America. The aim is very simple: to steal money from unsuspecting victims, whether digital coins such as Bitcoin or more traditional currencies from their bank accounts.
The program is distributed through an MSI download linked from spam messages, which then triggers the download of a ZIP archive from compromised websites, matching the target's processor architecture. Once installed, the program obfuscates its code to avoid detection and starts monitoring activity on the computer, hunting for cryptocurrency transfers and online banking sessions.
The trojan has some surprising functions that make it very dangerous. When Bizarro starts, it stops all browser processes to kill any online banking sessions. That way, when the user restarts the browser, they are forced to re-enter their banking credentials to log in again. It also disables autocomplete in the browser, so the user must type login credentials manually.
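The browser-killing behaviour described above leaves a recognizable trace: one non-browser process terminating several different browsers within seconds. The following is an added detection sketch, not code from the original article or from the researchers' report. It assumes endpoint telemetry that records which process requested each termination; the event layout, process names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe", "opera.exe"}

# Constructed sample events: (timestamp, actor that requested the kill, target).
SAMPLE_EVENTS = [
    ("2021-05-18T09:14:02", "chrome.exe", "chrome.exe"),    # browser closing its own child
    ("2021-05-18T09:20:10", "unknown_app.exe", "chrome.exe"),
    ("2021-05-18T09:20:10", "unknown_app.exe", "msedge.exe"),
    ("2021-05-18T09:20:11", "unknown_app.exe", "firefox.exe"),
    ("2021-05-18T09:45:00", "taskmgr.exe", "firefox.exe"),  # user ends one hung browser
]

def find_browser_kill_bursts(events, window_seconds=10, min_browsers=2):
    """Flag non-browser processes that terminate at least `min_browsers`
    different browsers inside one sliding time window."""
    window = timedelta(seconds=window_seconds)
    by_actor = defaultdict(list)
    for ts, actor, target in events:
        actor, target = actor.lower(), target.lower()
        # Browsers routinely end their own helper processes, so skip them as actors.
        if target in BROWSERS and actor not in BROWSERS:
            by_actor[actor].append((datetime.fromisoformat(ts), target))

    alerts = []
    for actor, kills in by_actor.items():
        kills.sort()
        best, first_kill, start = set(), None, 0
        for end in range(len(kills)):
            # Shrink the window from the left until it spans <= window_seconds.
            while kills[end][0] - kills[start][0] > window:
                start += 1
            hit = {name for _, name in kills[start:end + 1]}
            if len(hit) > len(best):
                best, first_kill = hit, kills[start][0]
        if len(best) >= min_browsers:
            alerts.append({"actor": actor,
                           "first_kill": first_kill.isoformat(),
                           "browsers": sorted(best)})
    return alerts

if __name__ == "__main__":
    for alert in find_browser_kill_bursts(SAMPLE_EVENTS):
        print(alert)
```

An alert from this check is a lead to investigate rather than a verdict: a software updater or a helpdesk script can close several browsers at once for legitimate reasons.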
Bizarro also captures screen content and monitors the clipboard. When it encounters a Bitcoin wallet address, the trojan replaces it with one belonging to the hackers. The program supports more than 100 commands that allow attackers to steal banking data, control the computer, log keystrokes, and even display fake pop-up messages to delay and confuse users.
The trojan detects when the user starts an internet banking session, at which point it begins a procedure intended to buy the hackers time to steal money from the victim's account. This is done with a series of pop-up messages that look like genuine messages sent by the bank to tell users about security updates. While a pop-up is on the screen, the computer is frozen so that the victim cannot switch to other applications, including the online banking session. At the same time, the hackers access the victim's account using information taken from the target computer.
The pop-up messages also try to convince victims to enter their two-factor authentication code while access to the computer is blocked. That way, the hackers can confirm the login and the transfer of money from the unsuspecting victim's account. Some pop-ups even inform the target that they might see unfamiliar transactions in their banking session, but that these are all part of the security update. Other pop-ups tell them that a computer restart is needed. It is all intended to prevent users from interacting with their bank while they are being robbed.
Bizarro even tries to entice victims into installing different malicious applications on their smartphones.
Security researchers said Bizarro has spread to various countries, including Brazil, Argentina, Chile, Germany, Spain, Portugal, France and Italy. It is only one of many trojans from South America that are currently expanding into other regions. A full report on Bizarro is available at this link.