Bank-targeting malware disguises itself as video conferencing software

IBM says the Vizom malware is spreading through spam-based phishing campaigns

IBM Security researchers have discovered a new form of malware targeting online banking users in Brazil.

Dubbed Vizom, the malware disguises itself as popular video conferencing software and uses convincing remote overlays to take over user devices in real-time.

Research shows that hackers are delivering the malware via spam-based phishing email campaigns. According to IBM Security researchers Chen Nahman, Ofir Ozer and Limor Kessem, the new malware also uses remote overlay techniques and DLL hijacking to evade detection. 

Once embedded on a compromised PC, Vizom forms an infection chain through dynamic link library (DLL) hijacking - it force-loads malicious DLLs by naming its Delphi-based variants with unsuspecting file names found in directories of legitimate videoconferencing software. In Brazil’s case, the DLL is Cmmlib.dll, a file associated with Zoom.

What happens next is stealthy and treacherous. During an ongoing online transaction, the malware connects remotely to the compromised PC. It creates potent and believable HTML overlays and loads them in the Vivaldi internet browser in application mode. It then launches a keylogger that logs the user’s every keystroke when accessing their bank account. The malware then ships the acquired information to the attacker's command-and-control (C2) server. 

Vizom can also abuse Windows API functions, simulate mouse clicks and take screenshots.

There are no reports of hijacking in the US, but attacks have been observed across South America and Europe. 

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

What are biometrics?
Security

What are biometrics?

27 Nov 2020
Black Friday's best antivirus deals
Security

Black Friday's best antivirus deals

27 Nov 2020
Veritas Access Appliance with IBM Spectrum® Protect
Server & storage

Veritas Access Appliance with IBM Spectrum® Protect

27 Nov 2020
Ransomware protection with Veritas NetBackup Appliances
Security

Ransomware protection with Veritas NetBackup Appliances

27 Nov 2020

Most Popular

46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
Huawei Mate 40 Pro 5G review: A tragically brilliant Mate
Mobile Phones

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate

26 Nov 2020