Remove Vizom Trojan From Your Computer | Total Security

What is the Vizom Trojan?

The Vizom Trojan is a recently discovered computer malware that spreads in active attack campaigns. The detected activity shows that the targets are high-profile, which means that the hacking group behind it must have expertise in virus planning. Read our in-depth analysis of the samples and learn how to eliminate active infections in this article.


Vizom Trojan - Virus Infection Methods

The Vizom Trojan is a recently discovered malware targeting Brazilian online banking users. It has been named Vizom by the security engineers who performed the analysis of the code. Based on known information, it follows the familiar tactics of other banking Trojans. This is a group of computer viruses designed to hijack personal information, in particular user and login information for financial services such as payment portals and online banks.


These types of infections are mainly delivered through various infection strategies. Viruses are rarely shipped as direct executable files; most of the time they are delivered through payload carriers, other files that, when run, automatically deploy the virus in the background. Two of the most popular types are macro-infected documents and application installers. The documents are made in the most popular office formats used by Internet users: presentations, databases, spreadsheets, and text documents. When users open them, a message asks them to enable the built-in scripts in order to view the document correctly. Doing so triggers the deployment of the Trojan. Application installers, on the other hand, are much more varied, since hackers can in practice take any legitimate installation file and insert virus code into it.


All virus data can be delivered using manipulation tactics known from other similar malicious campaigns. They focus on distributing the files through different channels by impersonating trusted parties: friends, relatives, companies, and services. The files can be hosted on websites with similar-sounding names that include hijacked content or even self-signed security certificates.


Hackers can also send emails that are designed along the same lines. They are based on typical templates and attach or link to the relevant files. All virus-related data can also be shared on file-sharing networks (BitTorrent) and in online communities such as social networks, chat rooms, and forums.


Vizom Trojan - Virus Capabilities

The Vizom Trojan uses a DLL hijacking approach during the initial infection. The virus agent is placed in DLL files within the legitimate directory structure of Microsoft Windows. These files belong to the system, and by hooking into them the virus masks its presence. The samples collected so far show that the malware disguises itself as a popular video conferencing program. This tricks Microsoft Windows into loading the code into memory.
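A defender can check an application folder for the DLL hijacking pattern described above. The following is an added example, not code from the Vizom analysis: it flags DLLs in a program's folder whose names also exist in the system directory, and the file names and the `ConfApp` folder are constructed samples rather than indicators from this campaign.

```python
import os
import tempfile

def _under(path, root):
    """True if path lies inside root (compared case-insensitively, as on Windows)."""
    p = os.path.abspath(path).lower()
    r = os.path.abspath(root).lower().rstrip(os.sep) + os.sep
    return p.startswith(r)

def find_shadowing_dlls(app_dir, system_dir, user_writable_roots=()):
    """List DLLs in app_dir whose file name also exists in system_dir.

    A program started from app_dir normally resolves such a name to the local
    copy first (KnownDLLs excepted), so every hit deserves a signature check.
    """
    system = {n.lower() for n in os.listdir(system_dir)
              if n.lower().endswith(".dll")}
    findings = []
    for name in sorted(os.listdir(app_dir)):
        low = name.lower()
        if low.endswith(".dll") and low in system:
            path = os.path.join(app_dir, name)
            risky = any(_under(path, r) for r in user_writable_roots)
            findings.append({"dll": low, "path": path,
                             "severity": "high" if risky else "review"})
    return findings

def demo():
    """Run the check on a constructed layout (all file names are samples)."""
    with tempfile.TemporaryDirectory() as root:
        system32 = os.path.join(root, "Windows", "System32")
        app = os.path.join(root, "Users", "alice", "AppData", "Roaming", "ConfApp")
        os.makedirs(system32)
        os.makedirs(app)
        for f in ("version.dll", "winhttp.dll", "kernel32.dll"):
            open(os.path.join(system32, f), "w").close()
        for f in ("ConfApp.exe", "VERSION.dll", "appcore.dll"):
            open(os.path.join(app, f), "w").close()
        hits = find_shadowing_dlls(app, system32, [os.path.join(root, "Users")])
        return [(h["dll"], h["severity"]) for h in hits]

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the program's folder and `C:\Windows\System32`; a hit is a lead for signature and hash verification, not proof of infection.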


The Vizom Trojan uses the distinctive tactic of relying on the legitimate Vivaldi web browser to disguise its presence. It contains components that are part of the browser, which further confuses the system. This is a different kind of security bypass, an important feature of the most advanced malware threats.


The actual functions of the Trojan follow: various components are started when the malware agent is activated. The virus comes in an encrypted form and is decrypted by a special component designed to do so. At the beginning of the infection, a data collection procedure begins. It is tasked with obtaining statistical information that is transmitted to the hacker operators. Other configuration options may include creating a report of the installed hardware components, the operating system settings, and other types of data. This information can be abused to commit crimes such as identity theft and financial abuse. A persistent infection is achieved by modifying the browser shortcuts and running them in the background, which keeps the virus infection alive. This works with the most popular browsers: Mozilla Firefox, Google Chrome, Internet Explorer, Opera, Bank Specific Secure Browser, and Microsoft Edge.
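Because persistence relies on modified browser shortcuts, auditing those shortcuts is a practical check. The following is an added example, not code from the Vizom analysis: it reviews shortcut records (file name, target path, arguments) that have already been read from `.lnk` files, and the expected executable names, trusted install roots and sample records are assumptions constructed for illustration.

```python
import ntpath

# Assumed executable names behind each browser shortcut (adjust per estate).
EXPECTED = {
    "google chrome": {"chrome.exe"},
    "mozilla firefox": {"firefox.exe"},
    "firefox": {"firefox.exe"},
    "microsoft edge": {"msedge.exe"},
    "internet explorer": {"iexplore.exe"},
    "opera": {"opera.exe", "launcher.exe"},
}
# Assumed install roots; per-user installs under AppData must be added here.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")
SUSPECT_EXT = (".exe", ".dll", ".bat", ".cmd", ".vbs", ".js", ".ps1")

def audit_shortcut(name, target, arguments=""):
    """Return the reasons a browser shortcut looks tampered with (empty if none)."""
    key = ntpath.splitext(name)[0].strip().lower()
    expected = EXPECTED.get(key)
    if expected is None:
        return []  # not one of the browser shortcuts this check covers
    reasons = []
    exe = ntpath.basename(target).lower()
    if exe not in expected:
        reasons.append("unexpected target " + exe)
    if not ntpath.normpath(target).lower().startswith(TRUSTED_ROOTS):
        reasons.append("target outside trusted install roots")
    tokens = arguments.lower().replace('"', " ").split()
    if any(tok.endswith(SUSPECT_EXT) for tok in tokens):
        reasons.append("arguments reference another program or script")
    return reasons

def audit_all(records):
    """Map shortcut name -> reasons, for every record with at least one reason."""
    result = {}
    for name, target, arguments in records:
        reasons = audit_shortcut(name, target, arguments)
        if reasons:
            result[name] = reasons
    return result

# Constructed sample records: (shortcut file, TargetPath, Arguments).
SAMPLES = [
    ("Google Chrome.lnk", r"C:\Program Files\Google\Chrome\Application\chrome.exe", ""),
    ("Mozilla Firefox.lnk", r"C:\Users\alice\AppData\Roaming\ConfApp\ConfApp.exe", ""),
    ("Microsoft Edge.lnk", r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r"C:\Users\alice\AppData\Roaming\ConfApp\helper.dll"),
]

if __name__ == "__main__":
    print(audit_all(SAMPLES))
```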


The main objective of the malware is to create a secure connection to a server controlled by the hackers, which allows the criminals to take control of the systems and hijack user data. A dangerous part of the malware is the overlay functionality, which automatically detects whether any of the supported online banking and financial services are loaded in a web browser. It hijacks all entered information and makes it available to the hackers; this works for both keyboard input and mouse movement. This is also connected to the built-in keylogger function, which can also work with other services and can be run independently.


Right now, the attack campaign is focused on Brazilian targets. However, smaller campaigns have also been reported in other countries in South America and Europe. As there is no information on the hacking group, we presume that they have a lot of experience, having created the malware from scratch.

