September 20, 2022
New Malware Deploys Remote Overlay Attacks to Steal Bank Account Information

This New Malware Hijacks Victims’ Accounts by Imitating Legitimate Banking Sessions

A new form of malware uses very convincing digital overlays to fool victims and access their bank accounts without being detected…

Security researchers have uncovered a new type of malware that uses remote overlay attacks to strike bank accounts, primarily in Brazil. The new variant is called Vizom and is being used in an active campaign against the South American country via online services. Because it is internet-based, security experts worry that it could easily spread to other regions and countries.

Vizom, the new malware, spreads through spam phishing campaigns. The malicious code disguises itself as popular video conferencing software, tools that have become crucial to businesses around the world. Once it lands on a vulnerable Windows PC, Vizom first attacks the AppData directory. That triggers an infection chain and harnesses DLL hijacking, allowing the malware to force-load harmful DLLs. It gives its own Delphi-based variants the names that the legitimate software expects to find in its directories.
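A defender can hunt for the pattern described above, a program running from AppData that loads an unsigned DLL from its own folder. The following is an added example, not code from the researchers or the original article; the record fields are modelled on Sysmon Event ID 7 image-load events as an assumption, and every path and file name is constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed image-load records. Field names are modelled on Sysmon Event ID 7
# (assumption); every path and file name here is made up for illustration.
APP = r"C:\Users\ana\AppData\Roaming\MeetApp"
SAMPLE_EVENTS = [
    {"Image": APP + r"\meetapp.exe", "ImageLoaded": APP + r"\meetapp.exe", "Signed": "true"},
    {"Image": APP + r"\meetapp.exe", "ImageLoaded": APP + r"\helper.dll", "Signed": "false"},
    {"Image": APP + r"\meetapp.exe", "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true"},
    # Unsigned DLL, but the program is not installed under AppData: out of scope.
    {"Image": r"C:\Program Files\Editor\editor.exe",
     "ImageLoaded": r"C:\Program Files\Editor\plugin.dll", "Signed": "false"},
    # Runs from AppData, but the DLL beside it is signed: not flagged.
    {"Image": r"C:\Users\ana\AppData\Local\Chat\chat.exe",
     "ImageLoaded": r"C:\Users\ana\AppData\Local\Chat\ui.dll", "Signed": "true"},
]


def in_appdata(path: PureWindowsPath) -> bool:
    """True when any component of the path is the AppData folder."""
    return any(part.lower() == "appdata" for part in path.parts)


def find_sideload_candidates(events):
    """Map each process image under AppData to the unsigned DLLs it loaded
    from its own directory (the layout DLL hijacking depends on)."""
    hits = defaultdict(set)
    for ev in events:
        image = PureWindowsPath(ev["Image"])
        loaded = PureWindowsPath(ev["ImageLoaded"])
        if loaded.suffix.lower() != ".dll" or not in_appdata(image):
            continue
        signed = str(ev.get("Signed", "false")).lower() == "true"
        # PureWindowsPath compares case-insensitively, as Windows does.
        if loaded.parent == image.parent and not signed:
            hits[str(image)].add(loaded.name.lower())
    return {img: sorted(dlls) for img, dlls in hits.items()}


if __name__ == "__main__":
    for image, dlls in find_sideload_candidates(SAMPLE_EVENTS).items():
        print(f"{image} loaded unsigned DLL(s) from its own folder: {', '.join(dlls)}")
```

Hits are triage leads rather than verdicts, since some legitimate software installs per-user under AppData and ships unsigned libraries.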

The Vizom malware also drops a second payload, a Remote Access Trojan (RAT), which is extracted from a remote server. The malicious code then runs in the background, virtually undetectable. Once present, it quietly waits to detect when the victim is using an online banking service. Thereafter, hackers can remotely connect to compromised PCs.

At this juncture, attackers deploy overlays, which look like genuine banking sessions, and take over those sessions to gain access to compromised financial accounts.

Owen E. Richason IV
