IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Bank-targeting malware disguises itself as video conferencing software

IBM says the Vizom malware is spreading through spam-based phishing campaigns

Red skull and crossbones atop binary code

IBM Security researchers have discovered a new form of malware targeting online banking users in Brazil.

Dubbed Vizom, the malware disguises itself as popular video conferencing software and uses convincing remote overlays to take over user devices in real-time.

Research shows that hackers are delivering the malware via spam-based phishing email campaigns. According to IBM Security researchers Chen Nahman, Ofir Ozer and Limor Kessem, the new malware also uses remote overlay techniques and DLL hijacking to evade detection. 

Once embedded on a compromised PC, Vizom forms an infection chain through dynamic link library (DLL) hijacking - it force-loads malicious DLLs by naming its Delphi-based variants with unsuspecting file names found in directories of legitimate videoconferencing software. In Brazil’s case, the DLL is Cmmlib.dll, a file associated with Zoom.

What happens next is stealthy and treacherous. During an ongoing online transaction, the malware connects remotely to the compromised PC. It creates potent and believable HTML overlays and loads them in the Vivaldi internet browser in application mode. It then launches a keylogger that logs the user’s every keystroke when accessing their bank account. The malware then ships the acquired information to the attacker's command-and-control (C2) server. 

Vizom can also abuse Windows API functions, simulate mouse clicks and take screenshots.

There are no reports of hijacking in the US, but attacks have been observed across South America and Europe. 

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Best free malware removal tools 2022
Security

Best free malware removal tools 2022

22 Jun 2022
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

16 Jun 2022
What is shoulder surfing?
social engineering

What is shoulder surfing?

10 Jun 2022
CIAM buyer’s guide
Whitepaper

CIAM buyer’s guide

6 Jun 2022

Most Popular

Actively exploited server backdoor remains undetected in most organisations' networks
cyber attacks

Actively exploited server backdoor remains undetected in most organisations' networks

1 Jul 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022