One Article Review

Home - The article:
Source AlienVault Blog
Identifier 2070108
Publication date 2020-12-01 12:00:00 (viewed: 2020-12-01 13:05:29)
Title What is Vizom malware? Everything you need to know
Text This blog was written by an independent guest blogger. Security researchers working with IBM Security recently uncovered a new malware code that is being used to attack online banking users in Brazil. Referred to as 'Vizom' by the team, the code uses remote overlay attacks to siphon sensitive financial data and make fraudulent transactions from victims' bank accounts. What is particularly concerning about Vizom is its use of malicious DLLs (Dynamic Link Libraries) to trick the victim's operating system into loading them in place of legitimate DLLs.

There has been a drastic increase in malware attacks in 2020, as cybercriminals have been eager to take advantage of the chaos of this year. Even though Vizom is currently mainly being used to target Brazilian accounts, there have been a handful of reports of it being used against bank accounts in other South American and European countries as well, so it is likely to spread further. In this article, we will go into the specifics of how Vizom works, what makes it so dangerous, and how the malware authors use DLL hijacking and overlays to their advantage.

What is Vizom malware? Chen Nahman, Limor Kessem, and Ofir Ozer shocked the world when they announced that the trio had discovered a new malware that attacked people who use video conferencing software. Spam-based phishing campaigns are the starting point for the spread of the Vizom malware, which disguises itself as popular video conferencing software. Once downloaded, the malware begins work on a vulnerable operating system to start the infection chain. After gaining access to an unprotected Windows PC, Vizom first strikes the AppData directory, harnessing DLL hijacking to force its harmful DLLs onto the system. For those of you who aren't aware, a DLL (dynamic link library) is a file that contains code for commonly used program functions on a PC.

DLL hijacking, on the other hand, is a type of cyberattack that manipulates the Windows DLL search and load algorithm, giving a malicious hacker an unauthorized way to inject code into a specific application. The hijack is carried out by manipulating files on disk. DLLs underpin Microsoft's Windows operating systems, putting millions of PC users across the globe at a higher risk of being duped. Until now, it was only Brazilian bank accounts that had been compromised, but as noted previously there are reports of it happening in other countries as well.

What is both ironic and concerning here is that video conferencing software is constantly being updated to improve security. In fact, the whole idea of adopting DevOps methodologies like Continuous Integration and Delivery was to reduce the growing complexity involved in developing software systems. But even after all these precautions, cyberattackers are still succeeding in finding loopholes and developing new malware to exploit them. Vizom is just one example.

Vizom creates variants that are expected by legitimate software in their directories. In this case, Vizom names its Delphi-based variants with labels that appear legitimate because they are recognized in a software's directories. IB
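A defender-side check for the DLL search-order abuse the article describes, added here as an example and not code from the original post or from IBM's research: it scans a file inventory for DLLs under user-writable paths that either collide with a System32 library name or sit beside an executable, the two placements Windows consults before System32. The inventory, the allowlist of system DLL names and the user-writable prefixes are all constructed sample data.

```python
import ntpath

# Constructed allowlist: DLL names that normally live only in System32.
SYSTEM_DLLS = {"version.dll", "dwmapi.dll", "userenv.dll", "cryptbase.dll", "uxtheme.dll"}

# Constructed list of path prefixes a standard user can write to (lowercase).
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

# Constructed inventory export, one "<full path>|<size in bytes>" per line.
SAMPLE_INVENTORY = """\
C:\\Windows\\System32\\version.dll|31744
C:\\Users\\alice\\AppData\\Local\\MeetingApp\\meetingapp.exe|1843200
C:\\Users\\alice\\AppData\\Local\\MeetingApp\\version.dll|2359296
C:\\Users\\alice\\AppData\\Roaming\\Updater\\updater.exe|409600
C:\\Users\\alice\\AppData\\Roaming\\Updater\\helper.dll|1572864
C:\\Program Files\\Vendor\\app.exe|512000
"""


def parse_inventory(inventory: str) -> list[tuple[str, int]]:
    """Parse the export into (path, size) pairs, skipping blank lines."""
    rows = []
    for line in inventory.splitlines():
        if line.strip():
            path, size = line.rsplit("|", 1)
            rows.append((path, int(size)))
    return rows


def find_suspect_dlls(inventory: str) -> list[tuple[str, str]]:
    """Return (path, reason) for DLLs placed where Windows would load them ahead of System32."""
    rows = parse_inventory(inventory)
    # Directories holding an executable: the first place the loader looks for that program's DLLs.
    exe_dirs = {ntpath.dirname(p.lower()) for p, _ in rows if p.lower().endswith(".exe")}
    findings = []
    for path, _size in rows:
        low = path.lower()
        name = ntpath.basename(low)
        if not name.endswith(".dll") or not low.startswith(USER_WRITABLE_PREFIXES):
            continue  # only DLLs a non-admin could have planted are interesting here
        reasons = []
        if name in SYSTEM_DLLS:
            reasons.append("name collides with a System32 library")
        if ntpath.dirname(low) in exe_dirs:
            reasons.append("sits beside an executable, so it is loaded before System32")
        if reasons:
            findings.append((path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for path, reason in find_suspect_dlls(SAMPLE_INVENTORY):
        print(f"{path}: {reason}")
```

On a real host the inventory would come from a file-system export or EDR telemetry, and a hit should be followed by a signature and hash check rather than treated as proof on its own.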
Sent Yes
Tags Malware


The article does not appear to have been republished after its publication.


The article does not appear to have been taken from an earlier one.