A new banking malware targets victims from Portuguese and Spanish speaking countries in an attempt to steal data and possibly BTC. The information comes from the Portuguese portal Exame Informática.
The malware, a trojan called Mekotioattacks the banking applications of Latin American countries as well as Spain and Portugal.
The hackers’ tactic is to expose fake popups in order to catch victims through phishing. Mekotio has been around since 2015, but the new variant caught the attention of the Portuguese authorities. The subject contains technical information about the malware:
“”[El troyano] It shares common features with other Trojans of this type: it is written in Delphi, uses fake popups, contains backdoor functions, and tries to disguise itself as a software update. “
Once installed, The malware performs a series of activities in the background including screenshots, rebooting the computer, restricting access to banking sites, and even stealing bitcoin and sensitive data stored in Google Chrome.
Malware spreading underlining text It does this through spam, which causes victims to download a zip file.