Brazilian malware threatens banking data across Latin America

The first half of the year was characterized by the presence of malicious software of Brazilian origin destined to steal banking data throughout Latin America, a threat that will persist among the clients of financial institutions, warned the firm of cybersecurity S21Sec.

“In the first half of 2021, banking malware has continued as one of the main trends in the landscape cybercriminal. Some of the threats that existed in previous years, such as the Brazilian Trojans, have been reinforced and have also appeared new trojans of utmost relevance ”, highlights the firm’s cyber threat report.

According to the document, among the different malware families known in 2021, it is specifically focused on the theft of bank credentials.

“These malicious programs monitor the activity of the infected user, waiting for them to browse the website of their bank. Once the victim accesses their electronic banking, their access credentials are sent to the criminals’ control panel, ”he explained.

Also read: Android apps that are stealing bank details

S21Sec explained that last May the existence of a Brazilian banking Trojan was revealed called bizarre, which affected more than 70 banking entities in the world, especially in Latin America, Portugal and Spain.

“Bizarro aims to steal the banking credentials of users of various financial institutions through various methods that avoid their detection and analysis, as well as other engineering tricks to convince the victim to provide personal and banking data,” he explained.

The firm specialized in cybersecurity explained that the main route of infection observed by Bizarro is through large spam campaigns in malicious emails. Its mode of operation, in most emails that are sent, includes an attachment or a link which redirects the download of malicious software, with an .msi extension, which indicates that it is a Windows installation package, and that misleads the user and makes the installation of the virus go unnoticed.

S21Sec reported that in January 2021 the Vadokrist banking trojan, aimed at entities in Latin America, and which shared several common functionalities in other Trojans against financial institutions from Brazil.

Also read: How to avoid fraud when shopping online?

“It is a malware with capabilities that allow its operators to manipulate the mouse, record the keystrokes and perform screenshots, among other aspects ”, he explained.

S21Sec highlighted that in the first half of 2021, in addition to attacks on banks, as happened last year, an increase in attacks produced by different ransomware operators has been observed.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.