IBM Security Trusteer researchers have discovered a new malware code and active campaign targeting online banking users in Brazil. The malware, coined “Vizom” by the team, uses familiar remote overlay attack tactics to take over user devices in real time, as the intended victim logs in, and then initiates fraudulent transactions from their bank account.
What we found interesting about Vizom, is the way it infects and deploys on user devices. It uses ‘DLL hijacking’ to sneak into legitimate directories on Windows-based machines, masked as a legitimate, popular video conferencing software, and tricks the operating system’s inherent logic to load its malicious Dynamic Link Libraries (DLLs) before it loads the legitimate ones that belong in that address space. It uses similar tactics to operate the attack.
In this blog post we will provide further information about Vizom, going over the technical details of its components and how it achieves the attacker’s objectives to steal money from online banking users. It’s important to keep in mind that while Vizom currently operates in Brazil, it can be adapted to target any other country in LATAM and in other parts of the world.
Recent Trends in Banking Malware
The COVID-19 pandemic has changed the world in many ways and has especially affected the ways we work. Since so many people have shifted to working from home, and almost everyone is using videoconferencing software to replace in-person meetings with both friends and colleagues, Vizom uses the binaries of a popular videoconferencing software to pave its way into new devices.
To operate the attack, Vizom uses the files of yet another legitimate software, this time the Internet browser Vivaldi, which helps to disguise the malware’s a ..
Support the originator by clicking the read the rest link below.
