A new banking Trojan has been discovered, dubbed Bizarro, from a family of Trojans originating in Brazil that has already attacked banks in several countries around the world, including Spain, Portugal, France and Italy. It is known to have already attempted to steal customer credentials from 70 banks in various European and South American countries.
Bizarro tells the user not to worry about transactions occurring during the “security update”, as they are only confirming the customer’s identity.
This makes customers feel more confident to approve the next transactions requested by the attacker.
At that point, a security problem is supposedly detected. The customer is prompted with a warning that the module is being updated to allow secure access to the page. The user is told not to turn off or restart the device while your bank is supposedly performing updates and not to press keys or use the mouse.
There are several ways in which it obtains information. Victims may be asked at this point to submit their two-step authentication passwords that will be passed to the attackers. Another interesting feature that has been seen or involves an attempt to convince the victim to install a malicious application on their smartphone.
For the latter, Bizarro asks the user to choose which operating system their smartphone is running. If the victim chooses Android, the C2 server will send a link with a malicious app to the client.
News link: https://cutt.ly/5bMvfEc
