Vizom Malware

Posted: October 20, 2020

The Vizom Malware is a banking Trojan that includes a RAT, or Remote Access Trojan, component for controlling the infected computer. The Vizom Malware may display fake Web browser overlays that imitate Web pages for collecting passwords and other bank account credentials. Brazilian Windows users should continue protecting themselves with appropriate cyber-security products for removing the Vizom Malware as soon as possible and change passwords immediately after resolving any attacks.

Brazil's Banking Trojan Scene Takes a Page from Global News

While some threats use Coronavirus-themed applications for installing themselves, others, like the Vizom Malware, take a more indirect approach. The Vizom Malware is an archetypal example of Brazil's banking Trojan scene, a thriving section of the threat landscape that employs distinctive methods for goals like hijacking bank accounts by collecting their login credentials. Nonetheless, its campaign is interesting for its infection vector: a fake videoconferencing program.

With the rise of videoconferencing work routines in the ongoing epidemic, the Vizom Malware's disguise is plausible and relevant to its targets, Brazilian business employees working from home. The downloaded files use a form of DLL side-loading, or forcing a benign program into loading a corrupted DLL by making it think that it's a safe component. These initial Vizom Malware elements imitate Zoom DLLs with relative precision and allow for the loading of the Vizom Malware's main banking Trojan elements and a later-downloaded RAT, or Remote Access Trojan, executable.

After compromising the Windows computer (and persisting through hijacking browser shortcuts), the Vizom Malware places itself in a position for various attacks. Malware experts highlight the below as particularly concerning:

The Trojan can generate overlays on top of the user's browser windows. Although such techniques have multifarious possibilities, the Vizom Malware uses them in tried-and-true banking Trojan fashion to imitate bank login portals and collect account credentials, like passwords.

The Vizom Malware automatically notifies remote attackers whenever the user loads a website with an address matching a targeted banking domain, so that they can intervene manually to carry out the fraud.

Because of its general-purpose RAT component, the Vizom Malware also can exert control over the computer's input devices, such as by typing or controlling the mouse cursor.

The Vizom Malware also includes a specialized keylogger (for recording the victim's keyboard typing) and a screen-grabber that takes screenshots and uploads them to a remote server.

Kicking the Vizom Malware Out of the Conference

All Windows users, but especially those in Brazil, should be reasonably familiar with the peril that banking Trojans like the Vizom Malware represent to their computers and bank accounts. Besides taking over bank accounts and siphoning their funds, the Vizom Malware may drop other threats, disable security tools, or cause different side effects, according to the attackers' interests. Passwords and other login credentials are at an exceptionally high risk of being collected through advanced and even personalized social engineering attacks.

As always, users should view any download links from unconfirmed-as-safe sources as suspicious. E-mail attachments, obfuscated links, and messages on instant messengers and social networks like WhatsApp or Facebook always contain risks of fake software like the Vizom Malware's Zoom imitation. Links that don't show their real URLs, link addresses not exactly matching trusted websites, files with incorrect extensions, and documents or spreadsheets using inappropriate macros make up typical examples of these phishing lures.

Ordinarily, updated anti-malware services for Windows should block most related exploits, along with deleting the Vizom Malware before any of its further attacks take place. Until they confirm complete disinfection, users should be cautious of clicking on browser shortcuts, which may load the Vizom Malware automatically.
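One way to review browser shortcuts before trusting them again, as an added example that is not part of the original article: the PowerShell below lists browser-named shortcuts whose target is not the expected browser executable or is not validly signed. The browser list, expected file names and folders searched are assumptions made for this example, not details taken from the Vizom Malware campaign.

```powershell
# Added example: audit browser shortcuts (.lnk) for unexpected targets.
# Assumption: shortcut-name keyword -> executable names a clean shortcut points to.
$browsers = [ordered]@{
    'Chrome'            = @('chrome.exe')
    'Edge'              = @('msedge.exe')
    'Firefox'           = @('firefox.exe', 'private_browsing.exe')
    'Brave'             = @('brave.exe')
    'Internet Explorer' = @('iexplore.exe')
}

# Assumption: the usual places where browser shortcuts live.
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('Programs'),
    [Environment]::GetFolderPath('CommonPrograms'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shell = New-Object -ComObject WScript.Shell   # resolves .lnk target and arguments

$findings = foreach ($lnk in Get-ChildItem -Path $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue) {
    $name = $browsers.Keys | Where-Object { $lnk.BaseName -like "*$_*" } | Select-Object -First 1
    if (-not $name) { continue }               # not a browser shortcut

    $sc      = $shell.CreateShortcut($lnk.FullName)
    $target  = $sc.TargetPath
    $reasons = @()

    if (-not $target -or -not (Test-Path -LiteralPath $target)) {
        $reasons += 'target missing or unresolved'
    } else {
        if ((Split-Path $target -Leaf) -notin $browsers[$name]) {
            $reasons += 'target is not the expected browser executable'
        }
        if ((Get-AuthenticodeSignature -FilePath $target).Status -ne 'Valid') {
            $reasons += 'target has no valid Authenticode signature'
        }
    }

    if ($reasons) {
        [pscustomobject]@{
            Shortcut  = $lnk.FullName
            Target    = $target
            Arguments = $sc.Arguments
            Reasons   = $reasons -join '; '
        }
    }
}

$findings | Format-List
```

A listed shortcut is a lead for review rather than a verdict: compare its target and arguments with a known-clean installation before deleting or recreating it.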

The Vizom Malware is a modernization of strategies long within Brazil's Trojan 'business' infrastructure. With sophisticated software-copying, behavioral component-loading exploitation, and a topical lure on top, it's an excellent example of why underestimating a Trojan is never wise, during a pandemic or not.
