Symantec’s Threat Hunter
has released information of a trojan targeting banking concerns in Latin America. According to the data, almost 100 organizations and individuals have already been targeted. The Cloud Analytics Technology flagged the system’s detected attempts to download a suspicious file named mpr.dll into customer devices.
The download attempt was executed by Msiexec.exe and this led researchers to five files. Out of these, four looked like signed and legitimate DLL files. However, the mpr.dll file had a 588 MB size and looked highly suspicious. Researchers concluded this was the “Latin American banking Trojan” based on descriptions given at
ESET in 2020.
Based on this insight, researchers discovered the same kind of attack had been perpetrated since late August 2021 on as many as 98 BFSI entities. This trojan was also trying to infiltrate other sectors including information technology, professional services, manufacturing, financial services, and government organizations.
