Bitcoin Forum
Author Topic: Bizarro Trojan hijacking Bitcoin wallets and stealing bank credentials  (Read 108 times)
Charles-Tim (OP), May 18, 2021, 11:09:21 PM, #1

It is not good to click on emails without taking a proper look. Some mails can contain malware links, and clicking on such links will install malware on the device used. This malware, called Bizarro, is a Brazilian malware which has gone viral stealing information on Android devices. It has a way of hijacking Bitcoin wallets and stealing bank credentials, and it has a back door.

A never-before-documented Brazilian banking trojan, dubbed Bizarro, is targeting customers of 70 banks scattered throughout Europe and South America, researchers said. According to an analysis from Kaspersky released Monday, Bizarro is a mobile malware, aimed at capturing online-banking credentials and hijacking Bitcoin wallets from Android users. It spreads via Microsoft Installer packages, which are either downloaded directly by victims from links in spam emails or installed via a trojanized app, according to the analysis.

Once installed, it kills all running browser processes to terminate any existing sessions with online banking websites — so, when a user initiates a mobile banking session, they have to sign back in, allowing the malware to harvest the details. To maximize its success, Bizarro disables autocomplete in the browser, and even surfaces fake popups to snatch two-factor authentication codes, researchers added.

Bizarro also has a screen-capturing module. “It loads the magnification.dll library and gets the address of the deprecated MagSetImageScalingCallback API function,” explained Kaspersky researchers. “With its help, the trojan can capture the screen of a user and also constantly monitor the system clipboard, looking for a Bitcoin wallet address. If it finds one, it is replaced with a wallet belonging to the malware developers.”

And finally, Bizarro also has a main backdoor module that is capable of carrying out more than 100 commands, according to the analysis.

That is why it is not good to click on unauthorized emails. Although there are unauthorized emails that contain no malware or phishing links, this is just a warning of how email messages can have a malware link that can be hazardous to privacy and security.
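
Added example, not part of the original post or of the Kaspersky analysis it quotes: a defender-side check for the clipboard address replacement described above, flagging a valid Base58Check Bitcoin address on the clipboard that is replaced by a different valid one within a short interval. The snapshot timeline, the 2-second threshold and all function names are assumptions, the sample addresses are constructed from dummy hashes, and bech32 addresses are not covered.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Base58 (P2PKH/P2SH) address shape only; bech32 is out of scope here.
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    """Used only to build the constructed sample addresses below."""
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58check_ok(addr):
    """True if addr is 25 bytes of Base58Check data with a valid checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]

def find_swaps(snapshots, max_gap=2.0):
    """snapshots: [(seconds, clipboard_text)]. Flags a valid address replaced by
    a different valid address within max_gap seconds (assumed threshold)."""
    alerts, prev_t, prev = [], None, None
    for t, text in snapshots:
        addrs = [a for a in ADDR_RE.findall(text) if b58check_ok(a)]
        cur = addrs[0] if addrs else None
        if prev and cur and cur != prev and t - prev_t <= max_gap:
            alerts.append((t, prev, cur))
        prev_t, prev = t, cur
    return alerts

# Constructed sample data: addresses built from dummy 20-byte hashes.
COPIED = b58check_encode(b"\x00" + b"\x11" * 20)
SWAPPED = b58check_encode(b"\x00" + b"\x22" * 20)
LATER = b58check_encode(b"\x05" + b"\x33" * 20)
TIMELINE = [(0.0, "invoice 4411"), (10.0, COPIED), (10.3, SWAPPED), (60.0, LATER)]
if __name__ == "__main__":
    for t, old, new in find_swaps(TIMELINE):
        print(f"t={t}: clipboard address {old} replaced by {new}")
```

The same comparison works at send time in a wallet: compare the pasted address against the one shown by the payee through a second channel before signing.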

sheenshane, May 18, 2021, 11:57:37 PM, #2

That's the reason why I didn't open emails in my spam inbox; most likely this kind of message that you will receive is in the spam inbox.

I have some questions in my mind: how does this hacker know your email address?
We should always keep the emails that hold a valuable asset for us separate from our frequently used ones, especially on mobile, which is prone to hacks. Once we receive emails like this, it's probably time to change your emails or change your password.

I had never heard of this, but it seems they are spreading widely at this moment.
I read about it in this article.

Charles-Tim (OP), May 19, 2021, 12:12:45 AM, #3

Quote from sheenshane: "I have some questions in my mind: how does this hacker know your email address?"

It can be the result of a data breach. Data breaches are a usual and frequent occurrence now, which means giving out our information even to legit companies does not mean our information is safe. It can also be through other sites where we register and fill in our information, like the information needed before claiming an airdrop; there are even some giveaways that will require verification, and nothing will be given after collecting the information. That is why it is very important to limit the information we share, and we should try our best to avoid it.

DdmrDdmr, May 19, 2021, 07:46:26 AM, #4

<…>
Reading the above quote, it seemed inconsistent that the spread procedure is through a MS installer package, and that this virus targets Android users.

After reading the original source (https://securelist.com/bizarro-banking-trojan-expands-its-attacks-to-europe/102258/), it really seems that it starts off acting on Windows OS, which looks like its primary target, and that it can also incite the user into believing that, for security reasons, he needs to install a certain app on his smartphone. The screenshot in the referenced article provides a link (QR based) to both an Android malware app and an iOS app.

lovesmayfamilis, May 19, 2021, 08:23:35 AM, #5

I don't understand some things. Why open unsolicited emails at all? Does anyone use this in our time except for scammers? In addition to the fact that there are a bunch of instant messengers whose messages you also need to be wary of, reading emails is a completely rash action. What does the user expect to see in an email from a stranger? That an inheritance suddenly fell on his head?
The scheme of spreading viruses through emails is very old, and this only speaks of the ignorance of the user. If a person has some important data on the device, and he continues to be curious, reading all the letters in a row, then the loss of his funds will be predictable.

Lucius, May 19, 2021, 09:12:26 AM, #6

Quote from lovesmayfamilis: "I don't understand some things. Why open unsolicited emails at all?"

Curiosity and unawareness that such actions can have serious consequences, which in turn is a consequence of very poor or almost no computer literacy - people use the Internet quite unaware of the dangers that exist on it. In fact, it is not a problem to click on the message and open it, but the real problem is to open the attachment that such an e-mail usually has - or to click on a phishing link.



Quote from sheenshane: "I have some questions in my mind: how does this hacker know your email address?"

From various databases that have been hacked over the years, and we do not have to go beyond more than 1 million e-mail addresses from the Ledger database, which has been publicly available and completely free for some time, or more than 500 million FB user data that are also publicly available. If hackers manage to scam only 1% of all these people we should not suspect that they have profited, anything above that is just an added bonus for them.

Charles-Tim (OP), May 19, 2021, 12:35:38 PM, #7

Quote from lovesmayfamilis: "What does the user expect to see in an email from a stranger?"

You are right, some of the emails are completely strange, but some people, because of ignorance, will still click on such strange emails. But some email senders will have a name almost (99%) the same as that of legit companies like banks and crypto exchanges; this can make some people who have accounts at such banks or exchanges click on such emails. Some people would have been scammed before, not knowing the email is not from the original company but from scammers. That is why I do not even bother clicking on unauthorized emails.

tranthidung, May 19, 2021, 01:33:13 PM, #8

Some basic rules that many people don't follow:
  • Use different emails for different purposes
  • Some emails are used for important things only
  • For entertainment or gambling, trading, exchange experience, especially new platforms, let's use emails that don't connect to your bank account or your main account on exchanges
  • Main or sub, the vital rules are: Don't open email from strangers. Don't click on hyperlinks from strangers.

aioc, May 22, 2021, 05:51:37 AM, #9

I would not even think of opening an email from unknown sources. I am very careful about opening any email and I am aware of all incoming emails. I am very active in opening and only open emails that I am subscribed to, and I never check emails coming from spam. Most of the emails with malware are marked as spam, so never check emails in spam even if the titles are attractive.

Kittygalore, May 22, 2021, 08:07:19 AM, #10

Quote from tranthidung:
Some basic rules that many people don't follow:
  • Use different emails for different purposes
  • Some emails are used for important things only
  • For entertainment or gambling, trading, exchange experience, especially new platforms, let's use emails that don't connect to your bank account or your main account on exchanges
  • Main or sub, the vital rules are: Don't open email from strangers. Don't click on hyperlinks from strangers.

The reason that people don't follow this is because this is uncommon and not taught by many people, and others just expect others to know these basic rules. Plus, your rules might be a bit opinionated, which I am sure not a lot of people might accept.