Bizarro Banking Trojan Steals Credentials From Customers of 70 Banks in Europe & South America

To perform its attacks Bizarro utilizes affiliates or works with mediators, either by collecting money or merely helping with analyses.

A new banking trojan has been found just recently by the security professionals at Kaspersky, and it has been called as “Bizarro,” and this new trojan steals qualifications from customers of 70 banks in Europe and South America..

The cybersecurity experts have strongly suggested the users not to click on any unidentified links.
They have suggested keeping an eye out for unexpected habits on your system.
Even they have actually likewise advised to keep eye on the pop-up windows, specifically while browsing any banking site.
Constantly check your destination bitcoin addresses before sending them any funds.

Working Method of Bizarro.

The operators of this malware could introduce 100 commands from a remote server to accumulate all the key information from targeted Windows systems..

It has the capability to record login qualifications that are gone into by their victims on their particular banking websites.
It consistently keeps track of the victims clipboard to replace any bitcoin and find address with its own.
It has the capability to produce phony prompts to get 2FA codes.
It immediately gets fired up once the user visits among a set of hardcoded banking websites.


Bizarro is a family of Trojans that is originating in Brazil, and it has currently attacked banking entities in different countries all over the world.

Like this, the risk actors take access to the infected system and get the capability to control the victims mouse, keyboard, log keystrokes, capture screenshots, and even limit the performance of Windows.

Presently, the experts have pronounced that there is no specific information is available that how many users were impacted by this trojan; as no bank has actually made any information public regarding this matter.

To alleviate this banking trojan, the researchers have actually highly recommended some mitigations, and here they are mentioned below:-.

So, when these information sent to the telemetry server, Bizarro rapidly starts its screen capture module. Simply put, the major role of Bizarro is to exfiltrate and seize all the banking qualifications of their victims.

Additionally, to collect and save the malware telemetry data, Bizzaro likewise uses the servers that are hosted on Azure, Amazon (AWS), and even the hacked WordPress servers also..

Bizarro displays different pop-up windows that imitate the real electronic banking procedures, as in this it techniques the user. All these genuine-looking pop-up windows ask the users for their different information and after that use them to bring out financial or monetary transactions.

Capabilities of Bizarro.

Here, in return, the danger actors who want this malware family use different methods to make complex analysis and detection to trick their victims and acquire access to their banking credentials.

According to the Kaspersky report, Once the victim launches the harmful links from the spam emails they got, Bizarro automatically downloads a ZIP file from a jeopardized website.

You can follow us on Linkedin, Twitter, Facebook for day-to-day Cybersecurity and hacking news updates.

This new banking trojan utilizes tactics like social engineering to convince all its victims to turn over their banking credentials. Bizarro is distributed by means of MSI (Microsoft Installer) bundles that the victim downloads from the links connected in spam e-mails..