Bizarro Malware Expanding Reach to European and South American Banks

Over the last several years, Brazil has continued to maintain its reputation as a hotspot for cybercrime.  According to the APWG, there were 48,137 recorded phishing attacks in 2020 – a nearly 100 percent increase over 2019.

Recently, a leading cybersecurity firm, Kaspersky Labs, reported that a new banking malware that originated in Brazil, called “Bizarro”, is targeting 70 banks in Argentina, Chile, France, Germany, Italy, Portugal, and Spain.   In brief, Bizarro is a banking Trojan that is distributed when email users click on links in spam emails.

Among other features, Bizarro creates a backdoor (a secret portal allowing remote access to a computer) that Kaspersky reports “contains more than 100 commands and most of them are used to display fake pop-up messages to users. Some of them are even trying to mimic online banking systems.”  In addition, “Bizarro is using affiliates or recruiting money mules to operationalize their attacks, doing the cashout or simply helping with translations.”

Information-security and financial crime officers in financial institutions – and not just in Europe and South America – should take note of these details regarding Bizarro and incorporate them into internal briefings and training on cybercrime trends. While the Kaspersky report highlighted Bizarro’s expansion into Europe and South America, it is more than conceivable that the group behind Bizarro will try to expand its reach to financial institutions in North America and Asia. If it has the will and skill to find money mules and translators who can write in Spanish and other European languages, it may adopt the same approach to find accomplices sufficiently fluent in English or Asian languages.

(Note: Technical details regarding the operation of Bizarro are available on the Kaspersky and Securelist sites.)
