Bizarro is yet another banking Trojan family originating from Brazil that is now found in other regions of the world.
Users are being targeted in Spain, Portugal, France and Italy.
Attempts have now been made to steal credentials from customers of 70 banks from different European and South American countries.
Following in the footsteps of Tetrade, Bizarro is using affiliates or recruiting money mules to operationalize their attacks, cashing out or simply to helping with transfers.
Bizarro has x64 modules and is able to trick users into entering two-factor authentication codes in fake pop-ups. It may also use social engineering to convince victims to download a smartphone app.
The group behind Bizzaro uses servers hosted on Azure and Amazon (AWS) and compromised WordPress servers to store the malware and collect telemetry.
SkyWatchSM Alert Legend
Warning
Active Threat
Malware
Ransomware
Phishing
Network/IOT
Glesec Information Sharing Protocol
GLESEC CYBER SECURITY INCIDENT REPORTS are in compliance with the U.S. Department of Homeland Security (DHS) Traffic-Light Protocol (TLP).
TLP-White
Disclosure is Not Limited.
TLP-Green
Limited Disclosure, Restricted Only to the Community.
TLP-Amber
Limited Disclosure, restricted to the Participant's Organization.
TLP-Red
Not for Disclosure, Restricted/ Classified - Only Shared with US DHS.
Discover Glesec.
Authority. Consistency.
Sign-up today for SkywatchSM Alerts.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.