A new form of malware uses very convincing digital overlays to fool victims and access their bank accounts without being detected…
Security researchers have uncovered a new type of malware that uses remote overlay attacks to strike bank accounts, primarily in Brazil. The new variant is called Vizom and is being used in an active campaign against the South American country via online services. Since it is internet-based, security experts worry that it could easily spread to other regions and countries.
New Malware Deploys Remote Overlay Attacks to Steal Bank Account Information
Vizom, the new malware, spreads through spam phishing campaigns. The malicious code disguises itself as popular video conferencing software, tools that have become highly crucial to businesses around the world. Once it lands on a vulnerable Windows PC, Vizom first attacks the AppData directory. That triggers an infection chain that harnesses DLL hijacking, allowing the malware to force-load harmful DLLs: it names its own Delphi-based variants with the labels the legitimate software expects to find in its directories.
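For defenders, the DLL hijacking step described above leaves a recognizable trace: a program running from AppData that loads an unsigned DLL sitting in its own directory. The following is an added example, not code from the researchers or the original article; the record layout, field names and paths are assumptions constructed for illustration.

```python
import ntpath

# Constructed image-load records (not real telemetry). Field names are
# assumptions; map them to whatever your EDR or logging agent emits.
SAMPLE_EVENTS = [
    {"image": r"C:\Users\ana\AppData\Roaming\MeetApp\meetapp.exe",
     "loaded": r"C:\Users\ana\AppData\Roaming\MeetApp\helper.dll",
     "signed": False},
    {"image": r"C:\Users\ana\AppData\Roaming\MeetApp\meetapp.exe",
     "loaded": r"C:\Windows\System32\kernel32.dll",
     "signed": True},
    {"image": r"C:\Program Files\Vendor\app.exe",
     "loaded": r"C:\Program Files\Vendor\plugin.dll",
     "signed": False},
    {"image": r"C:\Users\ana\AppData\Local\Chat\chat.exe",
     "loaded": r"C:\Users\ana\AppData\Local\Chat\ui.dll",
     "signed": True},
]

def _norm(path):
    # Windows paths are case-insensitive; normalize before comparing.
    return ntpath.normcase(ntpath.normpath(path))

def is_suspicious_sideload(event):
    """True when an AppData-resident program loads an unsigned DLL
    from its own directory (the pattern DLL hijacking relies on)."""
    image = _norm(event["image"])
    loaded = _norm(event["loaded"])
    in_appdata = "\\appdata\\" in image
    same_dir = ntpath.dirname(image) == ntpath.dirname(loaded)
    is_dll = loaded.endswith(".dll")
    return in_appdata and same_dir and is_dll and not event["signed"]

def find_sideloads(events):
    # Return (program, dll) pairs that deserve analyst review.
    return [(e["image"], e["loaded"]) for e in events
            if is_suspicious_sideload(e)]

if __name__ == "__main__":
    for image, dll in find_sideloads(SAMPLE_EVENTS):
        print(f"review: {image} loaded unsigned {dll}")
```

This is a triage heuristic: legitimate software installed per-user can also ship unsigned DLLs, so hits need review rather than automatic blocking.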
Vizom also drops a second payload, a Remote Access Trojan (RAT), which is extracted from a remote server. The malicious code then runs in the background, virtually undetectable, and quietly waits to detect when the victim is using an online banking service. Thereafter, hackers can remotely connect to compromised PCs.
At this juncture, attackers deploy overlays that look like genuine banking sessions and take over those sessions to gain access to the compromised financial accounts.