Bank-targeting malware disguises itself as video conferencing software
IBM says the Vizom malware is spreading through spam-based phishing campaigns
IBM Security researchers have discovered a new form of malware targeting online banking users in Brazil.
Dubbed Vizom, the malware disguises itself as popular video conferencing software and uses convincing remote overlays to take over user devices in real-time.
Research shows that hackers are delivering the malware via spam-based phishing email campaigns. According to IBM Security researchers Chen Nahman, Ofir Ozer and Limor Kessem, the new malware also uses remote overlay techniques and DLL hijacking to evade detection.
Once embedded on a compromised PC, Vizom forms an infection chain through dynamic link library (DLL) hijacking - it force-loads malicious DLLs by naming its Delphi-based variants with unsuspecting file names found in directories of legitimate videoconferencing software. In Brazil’s case, the DLL is Cmmlib.dll, a file associated with Zoom.
What happens next is stealthy and treacherous. During an ongoing online transaction, the malware connects remotely to the compromised PC. It creates potent and believable HTML overlays and loads them in the Vivaldi internet browser in application mode. It then launches a keylogger that logs the user’s every keystroke when accessing their bank account. The malware then ships the acquired information to the attacker's command-and-control (C2) server.
There are no reports of hijacking in the US, but attacks have been observed across South America and Europe.
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Evaluate your order-to-cash process
15 recommended metrics to benchmark your O2C operationsDownload now
AI 360: Hold, fold, or double down?
How AI can benefit your businessDownload now
Getting started with Azure Red Hat OpenShift
A developer’s guide to improving application building and deployment capabilitiesDownload now