Bizarro: a banking Trojan full of nasty tricks
Researchers have discovered a new banking Trojan targeting customers of European and South American banks. They have dubbed the new Trojan Bizarro.
The Bizarro malware spreads via Microsoft Installer (MSI) packages. The sources identified so far have been spam emails, and attackers may also use social engineering to convince victims to download a smartphone app. Experts have detected infections in Brazil, Argentina, Chile, Germany, Spain, Portugal, France, and Italy. Bizarro uses compromised WordPress, Amazon, and Azure servers to host the MSI packages that victims are tricked into downloading.
Bizarro has quite a few tricks up its sleeve:
The backdoor offers a lot of options to the attacker, including:
Like many other banking Trojans of Brazilian origin, Bizarro focuses on European and South American banks. Attempts have now been made to steal credentials from customers of 70 banks from different European and South American countries.
Besides the obvious victims who get the malware on their systems, the operators behind Bizarro also use money mules to operationalize their attacks, cash out, or simply help with transfers. These money mules often have short-lived criminal careers before they end up in jail.
As always, the most important advice is to not click on links that come from an uncertain source. Also keep an eye out for unexpected behavior on your system. Especially when it comes to banking, it’s better to look into weird behavior than to just assume it’s Windows acting up. And double-check your destination bitcoin addresses before sending funds to them. (This is good advice in all circumstances: this isn’t the only malware that uses the clipboard to replace bitcoin addresses, and there are no do-overs with bitcoin!)
The downloaded ZIP archive contains the following files:
The DLL is detected by Malwarebytes’ machine learning module.
Stay safe, everyone!
ABOUT THE AUTHOR

Malware Intelligence Researcher
Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.