Bizarro is an adjective that means “brave, generous, lucid, splendid.” He is also a comic book villain for the DC publisher. And recently, the name of a new malware that is driving the digital security teams of various banks around the world crazy.
The cybersecurity expert company Kaspersky has discovered and reported a new family of banking Trojans from Brazil that has already spread to other countries such as Spain, Germany, France, Italy, Portugal, Argentina and Chile. In fact, Spain is the European country most attacked by Bizarro, affecting 22 Spanish banks. In the rest of the world, the Trojan has attacked 70 different banks.
Kaspersky has highlighted “the globalization of attacks” that Bizarro reveals, since “through the application of new techniques, Brazilian ‘malware’ families have begun to spread to other continents, and Bizarro, aimed mainly at European users, is a clear example of this, “says Fabio Assolini, the company’s security expert.
Infection by intermediaries
How does this new banking Trojan work? Bizarro uses affiliates or hires intermediaries to carry out its attacks, either by collecting money or simply helping with translations, as Kaspersky reported in a statement. In turn, the cybercriminals behind the Trojan family are employing various techniques to complicate analysis and detection, as well as social engineering tricks that help convince victims to provide their banking credentials.
Bizarro is distributed via MSI (Microsoft Installer) packages, which are downloaded by victims from links in ‘spam’ emails. Once executed, the malware downloads a ZIP file from a compromised website to implement its additional malicious functions.