The Mekotio banking trojan continues to be used in new attacks, despite the arrests of people associated with its distribution, according to a new report.
Security researchers at Check Point Research identified the malware in new attacks and found that it uses new techniques to avoid detection.
“The new campaign started right after the Spanish Civil Guard announced the arrest of 16 people involved with Mekotio distribution in July,” according to Check Point Research (CPR). “It appears that the gang behind the malware were able to narrow the gap quickly and change tactics to avoid detection.”
As soon as the arrests were announced, the Mekotio malware developers, believed to be based in Brazil, quickly updated their malware with new features designed to avoid detection.
Mekotio continues to spread through phishing emails that contain malicious links or malicious .ZIP files.
The phishing email sent to victims claims that a digital tax receipt is pending submission. When victims click the link in the email, a malicious .ZIP archive is downloaded from a malicious website.
An analysis of more than 100 attacks in recent months revealed the use of a simple obfuscation technique and a substitution cipher to bypass detection by cybersecurity products.
In addition, the trojan developers appear to have included a batch file, redesigned with multiple layers of obfuscation, and a new PowerShell script for the malware. It also uses Themida, a legitimate commercial protector that hinders cracking and reverse engineering of the malware. Together, these techniques shield the final Trojan payload from analysis.
Once installed on a victim’s machine, the Mekotio trojan attempts to steal credentials for banks and financial services and transfer them to a criminal-controlled command-and-control (C2) server.
Researchers said that banking trojans are common in Latin America.
“One of the characteristics of these bankers, such as Mekotio, is the modular attack which gives the attackers the ability to change only a small part of the whole in order to avoid detection,” researchers said.
“Our analysis of this campaign highlights the efforts that attackers make to conceal their malicious intentions, bypass security filtering, and trick users. To protect yourself against this type of attack, be suspicious of any email or communication from a familiar brand or organization that asks you to click on a link or open an attached document.”