Banking Trojan Expands Its Scope – Mekotio Now Targets Cryptocurrencies Across Latin America | Cyware Alerts


The Mekotio banking Trojan, originally known for targeting banking customers in Chile, has been expanding its scope both geographically and tactically. Mekotio is the second banking malware observed doing this within the week. Previously, the BlackRock Android malware was spotted expanding its scope by targeting non-financial applications.

Mekotio expands across Latin America

Mekotio Trojan operators have been regularly updating their malware to cover more financial organizations across several Latin American countries, and some new enhancements have been observed recently.

  • Researchers found several variants of the Mekotio Trojan that were registered to specifically target users in Spain. Besides normal banking services, it also targeted e-banking users from a small set of countries.
  • The malware spreads through spam emails that use social engineering tactics, such as impersonating government or private agencies, to lure users into clicking on malicious links included in the message body.
  • Mekotio can steal banking credentials stored in some web browsers such as Google Chrome and Opera. Additionally, it has been updated with the functionality of replacing bitcoin wallet addresses copied to the clipboard with the attacker’s wallet address.
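A defensive check against the clipboard replacement described above, as an added example that is not from the original alert or from any vendor tool: it validates legacy Base58Check bitcoin addresses and flags the case where a valid address was copied but a different valid address arrives at paste time. The function names and sample addresses are constructed for illustration, and bech32 addresses are assumed out of scope.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload):
    # Base58Check checksum: first 4 bytes of double SHA-256
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    """Used here only to build the constructed sample addresses."""
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58check_decode(s):
    """Return the payload if s is valid Base58Check, else None."""
    n = 0
    for ch in s:
        idx = B58.find(ch)
        if idx < 0:
            return None  # character outside the Base58 alphabet
        n = n * 58 + idx
    zeros = len(s) - len(s.lstrip("1"))  # each leading '1' is a zero byte
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or _checksum(raw[:-4]) != raw[-4:]:
        return None
    return raw[:-4]

def is_legacy_btc_address(s):
    # Version byte 0x00 = P2PKH, 0x05 = P2SH, followed by a 20-byte hash
    p = b58check_decode(s.strip())
    return p is not None and len(p) == 21 and p[0] in (0x00, 0x05)

def clipboard_swap_suspected(copied, at_paste):
    """True when a valid address was copied but a different valid one shows up at paste time."""
    a, b = copied.strip(), at_paste.strip()
    return is_legacy_btc_address(a) and is_legacy_btc_address(b) and a != b

# Constructed sample addresses (not real wallets)
INTENDED = b58check_encode(b"\x00" + bytes([0x11]) * 20)
OTHER = b58check_encode(b"\x05" + bytes([0x22]) * 20)
```

A wallet or helper that records the address at copy time and compares it before sending can use `clipboard_swap_suspected` to stop the transaction and ask the user to re-verify the destination.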

A brief history of Mekotio

Since its first detection in March 2018, Mekotio’s developers have been making gradual improvements in this Windows-based malware, which is developed in Embarcadero Delphi.

  • In July 2018, the Mekotio malware was seen targeting Chilean users by impersonating the Chilean courier company Chilexpress, spreading malicious code that seeks to steal personal information from unsuspecting users who follow email links.
  • In May 2019, Mekotio evolved further, adding several layers of obfuscation in the code and using social engineering techniques via emails to impersonate known entities in Chile.
  • In Aug 2019, some samples of Mekotio were observed posing as a Chilean telephone service company to target its victims. By now, it had moved outside Chile and spread across Brazil, Peru, Colombia, and India.

Current coverage

As of now, Mekotio malware has a presence in Chile (having the highest detection), followed by Brazil and Mexico (medium level of detection), and then Peru, Colombia, Argentina, Ecuador, and Bolivia.


