A banking trojan stealing cryptocurrency is targeting Latin American users

Cyber security experts are warning of a family of banking Trojans targeting Windows users in Latin America. This Trojan, however, focuses on the theft of cryptocurrencies.

According to a report by cyber security company ESET, the malware is known as “Mekotio” and has been active since around March 2018. Since then, the creators of the threat have continuously improved the capabilities and scale of the attack. It is mainly known for attacking more than 51 banks.

But now the Trojan is focusing on Bitcoin (BTC) instead of just stealing bank details. This means that Mekotio is aimed at individual users.

Spain is also on the Mekotio radar


The malicious campaigns have been carried out through phishing emails from hackers and are aimed mainly at Chile and other countries in the region. Nevertheless, some cases have been reported in Spain.

The investigation found that the body of the email contains a link; when the user clicks it, a ZIP file is downloaded. Once the user has extracted the file, an MSI installer appears. If the user installs it, the Mekotio attack succeeds.

Daniel Kundro, a cyber security expert from ESET, explained that Mekotio replaces BTC wallet addresses copied to the clipboard. If the victim performs a crypto transfer by copying and pasting a wallet address instead of typing it in manually, the malware replaces the wallet address the victim copied with that of the criminal.

BTC wallet addresses of various cybercriminals were involved in the attack

Kundro warns that the cybercriminals behind Mekotio don’t use a single wallet address to get their stolen BTC. They often use multiple BTC wallets to avoid easy transaction tracking.

However, the Trojan does not limit itself to the theft of cryptocurrencies and bank data; it also attempts to steal passwords stored in web browsers.

According to a recent study by Group-IB, ransomware known as ProLock relies on the Qakbot banking trojan to launch its attack and demands six-figure ransoms in US dollars, paid in BTC, to decrypt the victims' files.

Cryptocurrency forensics experts at Xrplorer also warned on June 15 of an ingenious phishing scam in which hackers attempt to steal XRP users’ secret keys under the false pretense that Ripple is giving away tokens.
