Brazilian Trojan: The cybersecurity company Kaspersky announced on its blog on Monday (17) the discovery of a new Brazilian trojan that is attacking consumers in countries in Europe and South America. Called Bizarro, the malware is able to steal Internet banking credentials for 70 financial institutions.
The sixth family of Brazilian malware detected by Kaspersky, Bizarro operates, in addition to Brazil, in Argentina, Germany, Chile, Spain, France, Italy and Portugal. The malicious file uses a recruitment and affiliation model, in which the gang associates with “mules” to carry out its international attacks. Besides providing support, these criminal partners assist with the fraud itself and with withdrawing the stolen money.
To evade analysis and detection by security solutions, the Bizarro developers have built in several techniques that make analysis harder, and they also rely on social engineering tricks that persuade the victims themselves to hand over their bank credentials voluntarily.
How is Bizarro expanding to other countries?
According to Kaspersky experts, Bizarro’s main distribution route is Microsoft Installer (MSI) packages sent to victims in spam messages. As soon as the package is run, it downloads a ZIP file containing the malware component that performs the fraudulent banking functions.
Once the trojan is installed, it sends data about the computer to the criminal group’s telemetry server and begins its screen-capture “job” to steal bank credentials. Bizarro also monitors for Bitcoin wallets online; if one is found, the malware immediately replaces the destination address of future transfers with the gang’s own virtual wallet.
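As an added example (not code from the article or from Kaspersky), the following Python correlates constructed endpoint events to flag the infection chain described above: an MSI launched from a user-writable path, followed within a short window by a ZIP download and an outbound connection. The event format, host names and addresses are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical, not real telemetry): host, ISO time, kind, detail
EVENTS = [
    "host1 2021-05-17T09:00:00 process msiexec.exe /i C:\\Users\\ana\\Downloads\\fatura.msi",
    "host1 2021-05-17T09:00:12 download https://files.example/pkg.zip",
    "host1 2021-05-17T09:00:30 netconn 203.0.113.10:443",
    "host2 2021-05-17T10:00:00 process msiexec.exe /i C:\\Windows\\Installer\\update.msi",
    "host2 2021-05-17T13:00:00 netconn 198.51.100.5:443",
]

CHAIN = ["process", "download", "netconn"]  # MSI run -> ZIP fetched -> outbound beacon
WINDOW = timedelta(minutes=5)               # stages must all occur within this span

def parse(line):
    host, ts, kind, detail = line.split(" ", 3)
    return host, datetime.fromisoformat(ts), kind, detail

def stage_of(kind, detail):
    """Map a raw event to a chain stage, or None if it is not of interest."""
    low = detail.lower()
    if kind == "process" and "msiexec" in low and "\\users\\" in low:
        return "process"   # installer launched from a user profile (mail/download dir)
    if kind == "download" and low.endswith(".zip"):
        return "download"
    if kind == "netconn":
        return "netconn"
    return None

def find_infection_chains(lines, window=WINDOW):
    """Return hosts on which all CHAIN stages occur in order within `window`."""
    per_host = defaultdict(list)
    for line in lines:
        host, ts, kind, detail = parse(line)
        stage = stage_of(kind, detail)
        if stage:
            per_host[host].append((ts, stage))
    flagged = []
    for host, evs in per_host.items():
        evs.sort()
        for i, (t0, s0) in enumerate(evs):
            if s0 != CHAIN[0] or host in flagged:
                continue
            idx = 1
            for t, s in evs[i + 1:]:
                if t - t0 > window:
                    break
                if s == CHAIN[idx]:
                    idx += 1
                    if idx == len(CHAIN):
                        flagged.append(host)
                        break
    return flagged
```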
According to Fabio Assolini, a senior analyst at Kaspersky in Brazil, Bizarro is today “one of the most active financial trojan families abroad”. Its success is due to its high level of sophistication: with more than 100 commands, it is capable of showing fake pop-up messages, and even showing a fake page identical to the bank’s