Bizarro Banking Trojan Expands to Europe

Bizarro, a banking Trojan from the Tetrade family that Kaspersky researchers have observed operating in Brazil, has recently expanded its operations and is now targeting customers of at least 70 banks across Europe and South America. The malware is distributed through phishing campaigns that use fake tax notifications and alerts to persuade users to install it. Bizarro uses a set of tricks to maximize credential theft: it kills active browser processes so that the victim has to log in to the bank again, disables browser auto-complete so that credentials must be typed rather than filled in, and displays pop-ups that request identity verification. It also monitors the user's clipboard for cryptocurrency wallet addresses and silently replaces them with addresses controlled by the attackers, so that a payment the victim intends to send goes to the adversary instead.
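The clipboard swap is worth understanding on the defensive side: a hijacker waits for a valid wallet address to land on the clipboard and overwrites it almost immediately with one of its own. The following is an added example, not code from the original page or from the Kaspersky report, that models how such a swap can be spotted from a stream of clipboard change events. The address regex, the one-second timing threshold, the `ClipboardEvent` type and the sample events are all assumptions made for this illustration; a real monitor would feed it live clipboard events.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Bitcoin address formats: legacy P2PKH ("1..."), P2SH ("3...") and bech32
# ("bc1..."). Covering only Bitcoin is an assumption for this example; the
# report says only that Bizarro looks for cryptocurrency addresses.
BTC_ADDRESS_RE = re.compile(
    r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{25,62})$"
)


@dataclass(frozen=True)
class ClipboardEvent:
    """One clipboard change: when it happened and what the clipboard held afterwards."""
    ts: float   # seconds (e.g. time.time())
    text: str


def is_crypto_address(text: str) -> bool:
    """True if the text looks like a Bitcoin address (hypothetical format set above)."""
    return BTC_ADDRESS_RE.match(text.strip()) is not None


def detect_clipboard_swaps(
    events: List[ClipboardEvent], max_gap_seconds: float = 1.0
) -> List[Tuple[str, str]]:
    """Return (original, replacement) pairs for suspicious swaps.

    Heuristic (assumed threshold): a valid address replaced by a *different*
    valid address within max_gap_seconds is far more likely to be a hijacker
    rewriting the clipboard than a user copying two addresses in a row.
    """
    swaps = []
    for prev, cur in zip(events, events[1:]):
        if (
            is_crypto_address(prev.text)
            and is_crypto_address(cur.text)
            and prev.text.strip() != cur.text.strip()
            and 0 <= cur.ts - prev.ts <= max_gap_seconds
        ):
            swaps.append((prev.text.strip(), cur.text.strip()))
    return swaps


# Constructed sample: the user copies an address, it is overwritten 50 ms
# later, then much later the user copies unrelated text and another address.
SAMPLE_EVENTS = [
    ClipboardEvent(100.00, "1BoatSLRHtKNngkdXEeobR76b53LETtpyT"),
    ClipboardEvent(100.05, "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"),
    ClipboardEvent(160.00, "meeting notes"),
    ClipboardEvent(200.00, "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy"),
]


if __name__ == "__main__":
    for original, replacement in detect_clipboard_swaps(SAMPLE_EVENTS):
        print(f"possible clipboard hijack: {original} -> {replacement}")
```

The same comparison is the user-side check that defeats this trick regardless of tooling: before confirming a transfer, compare the pasted address character by character with the one that was copied, because the swap happens after the copy and before the paste.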

Analyst Notes

As phishing that relies on user interaction remains the most common initial compromise vector, user awareness is the key to mitigating this threat. US-CERT offers good baseline guidance for security awareness training, which is advised to be conducted on a quarterly basis. In 2019, Brian Krebs discussed the benefits of rewarding employees who report phishing attempts and the counterproductive effect of punitive measures in the workplace, citing: “It can create an environment of animosity for the security team because they suddenly become viewed as working for Human Resources instead of trying to improve security,” and “Threatening people usually backfires, and they end up becoming more defiant and uncooperative.”