Vizom Banking Malware Disguised as Video Conferencing Software

Summary

IBM Security Trusteer researchers discovered a new malware, dubbed Vizom, actively targeting online banking users primarily in Brazil. Although Vizom is seen in South America and Europe, it can also be adapted to target other parts of the world, including the US. Vizom is downloaded via malspam and phishing campaigns and uses DLL hijacking to hide as legitimate video conferencing software in Windows directories. It then monitors the user’s browsing and compares the browser window title to key target strings. Once it detects a bank on the target list, threat actors are alerted and they use remote overlay techniques to take over devices and bank accounts in real-time, as well as steal passwords and other information to commit fraudulent transactions.

Recommendations

The NJCCIC recommends users and organizations educate themselves and others on these continuing threats and tactics to reduce victimization. Users are advised to exercise caution with links and attachments received from unknown contacts, confirm the email’s legitimacy via a separate means of communication, navigate directly to authentic vendor websites, keep applications up to date, enable multi-factor authentication where available, and implement a defense-in-depth cybersecurity strategy. We also recommend reviewing the NJCCIC product  Don’t Take the Bait! Phishing and Other Social Engineering Attacks and the NJCCIC’s Cybersecurity Best Practices webpage for more information on how to keep accounts and data safe. For more technical details and IOCs, please review the IBM Security Intelligence post.