Wednesday, January 20, 07:03
Home security The banking trojan Mekotio represents notifications for updates

The banking trojan Mekotio represents notifications for updates

A flexible banking Trojan targeting users in Latin America is circulating in many countries, such as Mexico, Brazil, Chile, Spain, Peru and Portugal.

Malware ensures persistence on infected systems and has advanced features such as planting backdoors, stealing bitcoin and extracting credentials.

trojan bitcoin Mekotio

Under the name Mekotio, the trojan collects sensitive information from victims' computers, such as firewall configuration, operating system, if administrator rights and the status of any installed products are enabled antivirus.

One specific behavior for Mekotio is the use of system pop-ups that impersonate system updates.

The Windows pop-up window below contains an error message in Portuguese that states, “We are currently performing security updates on the site! Please try again later! ”

“The Mekotio has several typical backdoor features. It can take screenshots, manipulate windows, simulate mouse actions and keyboard, restart the machine, limit it access "on various banking websites and to inform himself," ESET explained in a report released this week.

Some variants of the trojan can also violate encryption by replacing a Bitcoin wallet address on the clipboard and retrieving saved passwords from your web browser Chrome.

The Trojan is distributed via phishing

ESET research has shown that spam phishing seems to be the primary mode of distribution utilized by the creators of Mekotio.

The email pretends to contain a receipt, but has links that download a malicious one ZIP file associated with this malware.

The trojan is known to have been around since at least 2015. Since 2018, researchers have observed 38 different distribution chains used by Mekotio and other similar strands.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehchttps://www.secnews.gr
Be the limited edition.

LIVE NEWS

00:02:49

The creator of PUBG is planning an IPO worth $ 27,2 billion!

https://www.youtube.com/watch?v=ZE1qwCJCXl0 Ο δημιουργός του PUBG, Kim Chang-han, σχεδιάζει IPO (Αρχική Δημόσια Προσφορά ή εισαγωγή στο χρηματιστήριο) η...

Slack: How to turn off automatic conversion to Emoji

Emoji are everywhere now. In many applications - such as Slack - you can not type a simple emoticon based on ...

Malware FreakOut: Infects "Linux hosts" that run vulnerable software

An active malicious campaign is currently targeting critical Linux devices running software. Its purpose is to infect ...
00:02:10

Facebook Messenger vs WhatsApp: Which is worse for privacy?

In recent days, WhatsApp has been at the center of discussions, due to issues that have arisen regarding the privacy of ...

Apple sued! They want to remove Telegram from the App Store

Although Telegram has become very popular in the world in recent days, it also receives a lot of negative reviews. A former ambassador of ...

VLC for macOS has been updated with full support for M1 Macs

VLC is one of the most popular media players and the macOS version is currently receiving a major update with full ...

Google Maps adds precise details to 4 city roadmaps

The Google Maps app received an update in August last year, which added more color to the physical maps to ...

Smartwatches may detect COVID-19 symptoms

Smartwatches and fitness wearables can play a valuable role in the early detection of COVID-19, according to some recent studies. Researchers from ...

The incidence of sextortion increased significantly during the pandemic period

With the outbreak of the COVID-19 pandemic, countries around the world have entered a lockdown regime, in an effort to ...

SpaceX launches the first Starlink satellite for 1

SpaceX will launch 60 satellites from the Kennedy Space Center in Florida on Wednesday. This will be the first launch of ...