Cybersecurity experts across the board are currently issuing warnings against a family of banking trojans targeting Windows users in Latin America. This particular trojan, however, has also taken a keen interest in stealing cryptocurrency.
2 Years Old And Still Growing
ESET, a popular cybersecurity firm, recently published a report on this malware, dubbed “Mekotio.” Mekotio has reportedly been active since around March 2018 and has seen continuous upgrades to its capabilities and attack range since its inception. The threat actors behind it have targeted more than 51 banks, but the trojan now seems to have shifted gears.
As it stands now, the trojan has evolved to target Bitcoin rather than simply stealing banking details, which implies that Mekotio has shifted toward targeting individual users instead of casting as wide a net as possible.
The Ways Of The Enemy
Using phishing emails, the hackers directed a malicious campaign against Chile and neighbouring countries in the region, with a few reports of victims in Spain as well.
As the report details, the phishing email contains a link that, should a user click on it, downloads a .zip file. Once the .zip file is downloaded and unzipped, a .msi installer appears, and the moment the victim runs that installer, Mekotio’s attack has succeeded.
Daniel Kundro, a cybersecurity expert at ESET, explained that Mekotio promptly replaces BTC wallet addresses that have been copied to the clipboard. This applies far more often than you would imagine, as most people, when they want to transfer BTC to a wallet, opt to copy and paste the address rather than type it out manually. The malware swaps the address the victim copied for one belonging to the criminals, working on the assumption that the victim won’t notice and will transfer their funds anyway. It’s actually quite genius, which makes it all the more dangerous.
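The clipboard swap described above is something a defender can watch for: a copied Bitcoin address being overwritten by a different Bitcoin address moments later, by a process other than the one the user is working in. The following is an added example of that detection heuristic, not code from ESET’s report or from the article; the clipboard events, process names and addresses are constructed, and the `owner` field stands in for whatever the monitoring tool reports as the clipboard writer (on Windows, the owner window from `GetClipboardOwner`).

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Loose shape checks for the two common Bitcoin address encodings:
# Base58 legacy/P2SH (starts with 1 or 3) and bech32 (starts with bc1).
BTC_ADDRESS_RE = re.compile(
    r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})$"
)

def is_btc_address(text: str) -> bool:
    """True if the clipboard text has the shape of a Bitcoin address."""
    return BTC_ADDRESS_RE.match(text.strip()) is not None

@dataclass
class ClipboardEvent:
    ts: float      # seconds since the monitor started
    owner: str     # process that wrote the clipboard (assumed field; constructed here)
    content: str

def detect_address_swaps(events: List[ClipboardEvent], window: float = 5.0
                         ) -> List[Tuple[float, str, str, str]]:
    """Flag a BTC address being overwritten by a *different* BTC address
    within `window` seconds of the previous clipboard write.
    Returns (timestamp, original_address, replacement_address, owner_process)."""
    alerts = []
    prev = None
    for ev in events:
        if (prev is not None and is_btc_address(prev.content)
                and is_btc_address(ev.content)
                and ev.content.strip() != prev.content.strip()
                and ev.ts - prev.ts <= window):
            alerts.append((ev.ts, prev.content, ev.content, ev.owner))
        prev = ev
    return alerts

# Constructed sample: the user copies an address in the browser; 300 ms later
# an unexpected process rewrites the clipboard with a different address.
SAMPLE_EVENTS = [
    ClipboardEvent(0.0, "chrome.exe", "1BoatSLRHtKNngkdXEeobR76b53LETtpyT"),
    ClipboardEvent(0.3, "unknown_proc.exe", "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"),
    ClipboardEvent(10.0, "chrome.exe", "meeting notes"),
    ClipboardEvent(11.0, "chrome.exe", "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy"),
    # 19 s after the last address: a fresh user copy, outside the window, not a swap
    ClipboardEvent(30.0, "notepad.exe", "1BoatSLRHtKNngkdXEeobR76b53LETtpyT"),
]

if __name__ == "__main__":
    for ts, orig, repl, owner in detect_address_swaps(SAMPLE_EVENTS):
        print(f"[{ts:.1f}s] clipboard address swapped by {owner}: {orig} -> {repl}")
```

A real monitor would additionally suppress writes that come from the foreground application the user is typing in, since two legitimate copies in quick succession would otherwise trip the same heuristic.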
Threats Of The Modern Era
In order to avoid easy transaction tracing, Kundro warns, the actors behind Mekotio have opted to use an array of BTC wallets instead of funneling all the stolen BTC into a single address.
The report holds further warnings, however. Mekotio goes further than stealing banking and crypto details: it also manages to steal passwords stored by web browsers.
As always, please don’t click on any suspicious links, and maintain a healthy level of security protecting your devices. For the most part, this is enough, with only more high-profile individuals needing higher-tier protection.