Mekotio Banking Trojan Resurfaces with New Attacking and Stealth Techniques

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,048
The operators behind the Mekotio banking trojan have resurfaced with a shift in its infection flow so as to stay under the radar and evade security software, while staging nearly 100 attacks over the last three months.

"One of the main characteristics […] is the modular attack which gives the attackers the ability to change only a small part of the whole in order to avoid detection," researchers from Check Point Research said in a report shared with The Hacker News. The latest wave of attacks are said to primarily target victims located in Brazil, Chile, Mexico, Peru, and Spain.

The development comes after Spanish law enforcement agencies in July 2021 arrested 16 individuals belonging to a criminal network in connection with operating Mekotio and another banking malware called Grandoreiro as part of a social engineering campaign targeting financial institutions in Europe.

The evolved version of the Mekotio malware strain is designed for compromising Windows systems with an attack chain that commences with phishing emails masquerading as pending tax receipts and containing a link to a ZIP file or a ZIP file as an attachment. Clicking open the ZIP archive triggers the execution of a batch script that, in turn, runs a PowerShell script to download a second-stage ZIP file.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top