Mekotio: Beware of the banking Trojan!

Do you know what Mekotio is? It is malicious software that aims to steal financial information, mainly credentials for accessing bank accounts and credit card data.

It was first discovered in 2015, and in 2023 it remains significantly active in several Latin American countries.

ESET Latin America, a proactive threat detection company, said that more than 70 variants of this banking trojan have been detected so far in 2023.

In this way, they carry out the theft of sensitive information from victims.

In addition to Latin American countries, detections of this threat have also been recorded in other countries: Spain, Italy and Ukraine, which shows that the campaigns have continued to expand.

ESET analyzed a Mekotio campaign distributed via email (spam) that uses an alleged invoice as bait and falsely presents itself as coming from a well-known multinational company in Mexico.

The body of the email contains the instruction to “open on Windows computer”. This is likely related to the malware targeting this operating system.

Mekotio is one of the Latin American banking trojans, a family of malicious programs capable of performing various actions, most notably impersonating banks through fake pop-ups.

The message includes a link that, if clicked, downloads a ZIP file (ID-FACT.1684803774.zip) which pretends to be an invoice but, when unzipped, turns out to contain a Windows installation file (MSI). This file contains several items.

Among them is a DLL file containing a variant of the Mekotio malware, which in this case ESET security solutions detect as Win32/Spy.Mekotio.GO.
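A defender can triage archives fetched from e-mail links for the delivery chain described above (ZIP that unpacks to an MSI). The following Python sketch is an added example, not ESET's tooling; the name pattern generalizes the single file name quoted in the article, and the function names and sample archives are constructed for illustration.

```python
import io
import re
import zipfile

# OLE2 compound-file signature. MSI installers use this container format
# (so do legacy Office files, so a hit means "inspect further").
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# Assumption: generalizes the one archive name quoted in the article.
LURE_NAME = re.compile(r"^ID-FACT\.\d+\.zip$", re.IGNORECASE)


def triage_zip(archive_name, data):
    """Return a list of findings for a ZIP downloaded from an e-mail link."""
    findings = []
    if LURE_NAME.match(archive_name):
        findings.append("archive name matches invoice-lure pattern")
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings + ["not a readable ZIP archive"]
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # bit 0 set: member is encrypted
                findings.append(f"{info.filename}: encrypted member, cannot inspect")
                continue
            with zf.open(info) as member:
                head = member.read(len(OLE2_MAGIC))
            # Check content, not the extension, so a renamed MSI is still caught.
            if head == OLE2_MAGIC:
                findings.append(f"{info.filename}: OLE2 compound file (MSI container format)")
            elif info.filename.lower().endswith(".msi"):
                findings.append(f"{info.filename}: .msi extension without OLE2 header")
    return findings


def _build_zip(members):
    """Build an in-memory ZIP from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: harmless placeholder bytes, not real malware.
SUSPECT = _build_zip({"factura.pdf.bin": OLE2_MAGIC + b"\x00" * 32})
BENIGN = _build_zip({"invoice.txt": b"Total: 100.00"})
```

The check only sees the outer archive; the DLL the article mentions sits inside the MSI and needs an MSI-aware unpacker to reach.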

“Besides stealing financial information, Mekotio is a Trojan capable of performing other malicious actions on a compromised computer,” says Camilo Gutiérrez Amaya, head of ESET’s Latin American Research Lab.

For example, it is capable of collecting information such as the operating system running on the victim’s computer and which anti-fraud or anti-malware solutions are installed.

Also, the malware tries to stay hidden on the infected computer using startup registry keys and offers attackers typical backdoor capabilities.

Source: Panama America

Ella


I'm Ella Sammie, author specializing in the Technology sector. I have been writing for 24 Instatnt News since 2020, and am passionate about staying up to date with the latest developments in this ever-changing industry.
