This new malware uses remote overlay attacks to hijack your bank account

silversurfer

The new malware variant, dubbed Vizom by IBM, is being utilized in an active campaign across Brazil designed to compromise bank accounts via online financial services.

On Tuesday, IBM security researchers Chen Nahman, Ofir Ozer, and Limor Kessem said the malware uses interesting tactics to stay hidden and to compromise user devices in real-time -- namely, remote overlay techniques and DLL hijacking.

Vizom spreads through spam-based phishing campaigns and disguises itself as popular videoconferencing software, tools that have become crucial to businesses and social events due to the coronavirus pandemic.

Once the malware has landed on a vulnerable Windows PC, Vizom will first strike the AppData directory to begin the infection chain. By harnessing DLL hijacking, the malware will attempt to force the loading of malicious DLLs by naming its own Delphi-based variants with names expected by the legitimate software in their directories.

Full report by researchers:
 

TairikuOkami

Hi, this sounds very scary, no chance to detect it.
When the headline draws attention like: The new malware magically infects computers, then yes, it sounds scary, otherwise it is the same old. The user downloads the infected software and then runs it. DNS might be able to block the known C&C server and firewall the download of a payload as well.
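
On the detection question raised in this thread, an added example (not part of the thread or of IBM's report): a check over Sysmon-style image-load records (Event ID 7 fields `Image`, `ImageLoaded`, `Signed`) that flags a DLL loaded from beside an executable under AppData. The DLL names, paths and sample events are constructed for illustration and are not indicators from the Vizom campaign.

```python
import ntpath

# Assumption: a few DLL names that normally load from System32 (illustrative, not exhaustive).
SYSTEM_DLLS = {"version.dll", "winhttp.dll", "dbghelp.dll"}

def is_user_writable(path):
    """True for locations a standard user can write to without elevation."""
    p = path.lower()
    return "\\appdata\\" in p or "\\users\\public\\" in p

def score_image_load(event):
    """Return the reasons an image-load record looks like DLL hijacking."""
    image, dll = event["Image"], event["ImageLoaded"]
    reasons = []
    if not is_user_writable(dll):
        return reasons
    # Hijacking relies on the DLL sitting in the loading program's own directory.
    same_dir = ntpath.dirname(dll).lower() == ntpath.dirname(image).lower()
    name = ntpath.basename(dll).lower()
    if same_dir and name in SYSTEM_DLLS:
        reasons.append("system DLL name loaded from application directory")
    if same_dir and event.get("Signed", "false").lower() != "true":
        reasons.append("unsigned DLL beside executable in user-writable path")
    return reasons

def find_suspicious(events):
    """Return (dll_path, reasons) for every record with at least one reason."""
    return [(e["ImageLoaded"], r) for e in events if (r := score_image_load(e))]

# Constructed sample records (hypothetical application names and paths).
APP = r"C:\Users\alice\AppData\Roaming\MeetingApp"
SAMPLE_EVENTS = [
    {"Image": APP + r"\meeting.exe", "ImageLoaded": APP + r"\version.dll",
     "Signed": "false"},
    {"Image": APP + r"\meeting.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true"},
    {"Image": r"C:\Users\alice\AppData\Local\Chat\chat.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Chat\ui.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\Editor\editor.exe",
     "ImageLoaded": r"C:\Program Files\Editor\plugin.dll", "Signed": "false"},
]

if __name__ == "__main__":
    for path, reasons in find_suspicious(SAMPLE_EVENTS):
        print(path, "->", "; ".join(reasons))
```

Legitimate per-user installers also ship signed DLLs under AppData, so the unsigned and system-name conditions are what keep the alert volume manageable.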
 
