Cybersecurity specialists are warning about a family of banking trojans that targets Windows users across Latin America, but this trojan happens to focus on stealing cryptocurrencies.
According to a report published by cybersecurity firm ESET, the malware is known as “Mekotio” and has been active since approximately March 2018. Since then, threat actors have been continuously upgrading its capabilities and range of attack, and it is best known for targeting over 51 banks.
But now the trojan is focusing on Bitcoin (BTC), instead of just stealing banking details. This implies that Mekotio is targeting individual users.
Spain is also on Mekotio’s radar
The malicious campaigns have been delivered through phishing emails and are directed mostly toward Chile and other countries in that region. However, some cases have been reported in Spain.
The research specifies that a link is included in the email body; users who click on it download a .zip file. Once the user unzips the file, a .msi installer appears. If the user installs it, Mekotio’s attack is successful.
Daniel Kundro, a cybersecurity expert at ESET, explained that Mekotio replaces the BTC wallet addresses copied to the clipboard. If the victim wants to make a crypto transfer by copying and pasting a wallet address instead of typing it manually, the exploit replaces the wallet address copied by the victim with the criminal’s.
Multiple cybercriminal BTC wallet addresses involved in the attack
Kundro warns that the cybercriminals behind Mekotio don’t use a single wallet address to receive their stolen BTC. They usually use multiple BTC wallets to avoid easy transaction tracing.
But the trojan isn’t limited to stealing crypto and banking details: it also deploys an attack to steal passwords stored in web browsers.
According to a recent study by Group-IB, a ransomware called ProLock relies on the Qakbot banking trojan to launch the attack and asks the targets for six-figure USD ransoms paid out in BTC to decrypt the files.
Cryptocurrency forensics specialists from Xrplorer also warned on June 15 of an elaborate phishing scam where hackers try to steal the secret keys of XRP users, under the false premise that Ripple is giving away tokens.