Bizarro, a banking trojan linked to the Tetrade family that Kaspersky researchers have recently observed operating in Brazil, has expanded operations, hitting customers of no fewer than 70 banks across Europe and South America. The malware is distributed through various phishing campaigns that use tax notifications and alerts to convince users to install it. Bizarro uses a suite of clever tricks to maximize credential theft, for example killing active browser processes, disabling auto-complete, and displaying pop-ups that request identity verification. It also monitors the user's clipboard for cryptocurrency addresses and replaces them with addresses owned by the adversaries.
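The clipboard replacement described above can be hunted for in endpoint telemetry. The following is an added example, not code from Kaspersky or the original article: it flags an address-shaped clipboard value that is overwritten by a different address of the same kind shortly after the user copied it. The event format, the `user`/`unknown` source labels, the two-second window and the address patterns are assumptions, and the sample events are constructed.

```python
import re

# Shape checks only (no checksum validation); these patterns are assumptions.
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def classify(text):
    """Return the address kind the clipboard text looks like, or None."""
    value = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return kind
    return None

def find_swaps(events, window=2.0):
    """Flag address-to-address clipboard changes the user did not make.

    events: time-ordered (timestamp_seconds, source, text) tuples. source is
    "user" for a copy the user performed, "unknown" for any other write
    (hypothetical telemetry labels).
    """
    alerts = []
    last = None  # (timestamp, kind, text) of the latest user-copied address
    for ts, source, text in events:
        kind, value = classify(text), text.strip()
        if source == "user":
            last = (ts, kind, value) if kind else None
            continue
        if last and kind == last[1] and value != last[2] and ts - last[0] <= window:
            alerts.append({"time": ts, "kind": kind,
                           "copied": last[2], "replaced_with": value})
    return alerts

# Constructed sample events; the addresses are placeholders, not real wallets.
SAMPLE_EVENTS = [
    (0.0, "user", "0x" + "1" * 40),
    (0.4, "unknown", "0x" + "2" * 40),   # same kind, different value, 0.4 s later
    (10.0, "user", "meeting at 3pm"),
    (10.2, "unknown", "0x" + "3" * 40),  # user had not copied an address
    (20.0, "user", "0x" + "4" * 40),
    (20.5, "user", "0x" + "5" * 40),     # user copied a second address themselves
    (30.0, "unknown", "0x" + "6" * 40),  # outside the window
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```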