This new malware uses remote overlay attacks to hijack your bank account

silversurfer

Level 68
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
5,782
The new malware variant, dubbed Vizom by IBM, is being utilized in an active campaign across Brazil designed to compromise bank accounts via online financial services.

On Tuesday, IBM security researchers Chen Nahman, Ofir Ozer, and Limor Kessem said the malware uses interesting tactics to stay hidden and to compromise user devices in real-time -- namely, remote overlay techniques and DLL hijacking.

Vizom spreads through spam-based phishing campaigns and disguises itself as popular videoconferencing software, tools that have become crucial to businesses and social events due to the coronavirus pandemic.

Once the malware has landed on a vulnerable Windows PC, Vizom will first strike the AppData directory to begin the infection chain. By harnessing DLL hijacking, the malware will attempt to force the loading of malicious DLLs by naming its own Delphi-based variants with names expected by the legitimate software in their directories.

Full report by researchers:
 

TairikuOkami

Level 30
Verified
Content Creator
May 13, 2017
1,904
Hi, This sounds very scary, no chance to detect it.(n):cautious:
When the headlines draws the attention like: The new malware magically infects computers, then yes, it sounds scary, otherwise it is the same old. The user downloads the infected software and the runs it. DNS might be able to block the known C&C server and firewall the download of a payload as well.
 
Top