Sunday, November 1, 05:04
Home security Vizom: New malware hijacks bank accounts

Vizom: New malware hijacks bank accounts

Vizom disguises itself as a popular "videoconferencing software", with meetings all online due to the pandemic.

Researchers have discovered a new form of malware using remote attacks overlay to hit bank account holders in Brazil.

The new version of the malware, called Vizom by IBM, is used in an active campaign across Brazil designed to jeopardize bank accounts through online finance services.

Vizom

On Tuesday, IBM security researchers Chen Nahman, Ofir Ozer and Limor Kessem said that malware uses interesting tactics to stay hidden and compromise their devices. users in real time - that is, remote overlay and DLL hijacking techniques.

Vizom spreads through spam-based phishing campaigns and disguises itself as popular video conferencing software - tools that have become vital to business and social media. events due to the COVID-19 pandemic.

Once the malware lands on a vulnerable Windows computer, Vizom will first hit the AppData directory to start the chain infection. By utilizing DLL hijacking, the malware will try to force the malicious DLL to load by naming its own Delphi-based variants with names expected from legitimate software in their directories.

By hijacking the "innate logic" of a system, IBM says the operating system is being tricked into loading Vizom software as an affiliate process of a legitimate video conferencing file. The DLL is called Cmmlib.dll, a file associated with Zoom.

Then a dropper will launch zTscoder.exe via the command line and a second payload, a Remote Access Trojan (RAT) will be exported from a remote server - with the same hijacking trick running in the Vivaldi web browser.

To detect persistence, browser shortcuts are violated and regardless of the browser that a user is trying to run, the malicious Vivaldi / Vizom code will run in background.

The malware will wait for any indication that there is access to an online banking service. If the title of a webpage matches the Vizom target list, operators will be notified and will be able to connect remotely to violated computer.

As Vizom has already developed RAT capabilities, intruders can take over a breached session and overlay content to trick victims into giving their bank account credentials.

Source of information: zdnet.com

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehchttps://www.secnews.gr
Be the limited edition.

LIVE NEWS

How to create a meeting directly from an email in Outlook

Sometimes a meeting is better than an impersonal email. See how you can create a meeting directly from an email or ...

Remote employees open suspicious emails despite security risks

Remote employees are increasingly endangering corporate data and systems, as they do not follow the security of best practices, according to ...

How can you view older versions of a site?

Wayback Machine is an online service that takes screenshots from sites, allowing its users to see what a site was like ...

The Marriott breach fine was reduced to $ 23,8 million

The fine imposed by the British security observer, at the Marriott hotel unit due to data breach, was reduced by 14,4 million £ ...

How to view changes in a Microsoft PowerPoint presentation

While Microsoft 365 subscribers can collaborate in real time on a PowerPoint presentation, some prefer to work alone ...

iPhone / iPad: How to add bookmarks to multiple tabs in Safari

Safari on iPhone and iPad has a hidden feature that allows you to add bookmarks to all open sites ...

NordPass notifies you if your data has been compromised

NordPass password manager has announced a new update, which will help users find out if their data ...

How to change Screen Saver on Android TV

Android TV may not be as customizable as an Android phone, but there is still plenty you can do to ...

USA: Co-operation needed to tackle online child abuse

The Assistant Attorney General of the United States, Beth Williams, calls on all people to take action and unite for ...

Russian hackers targeted the Democratic parties of California and Indiana

The group of Russian hackers who are accused of interfering in the 2016 presidential elections in the USA, this year are accused of targeting emails ...