Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries

July 8, 2024 at 06:24AM

Latin American financial institutions face a surge in cyber attacks from the Mekotio banking trojan, targeting countries like Brazil and Mexico to steal banking credentials. Trend Micro observed a rise in attacks distributing this Windows malware, as well as the emergence of a new trojan codenamed Red Mongoose Daemon, posing a threat to Brazilian end users and banking organizations.

Financial institutions in Latin America face a significant cybersecurity threat. The banking trojan known as Mekotio, also referred to as Melcoz, has been actively targeting countries such as Brazil, Chile, Mexico, Spain, Peru, and Portugal with the aim of stealing banking credentials.

Mekotio shares similarities with other banking trojans such as Guildma, Javali, and Grandoreiro, although the latter was dismantled by law enforcement earlier this year.

The operation was disrupted in July 2021, when Spanish law enforcement arrested 16 individuals in connection with organizing social engineering campaigns that delivered Grandoreiro and Mekotio.

The attack chains involve the use of tax-themed phishing emails, fake pop-up windows, and malicious attachments or bogus links that lead to the deployment of the malware. Once installed, Mekotio can harvest system information, establish contact with a command-and-control (C2) server, and carry out various malicious activities such as displaying fake banking site pop-ups, capturing screenshots, logging keystrokes, and establishing persistence on the host using scheduled tasks.

Furthermore, another Latin American banking trojan called Red Mongoose Daemon has been disclosed, which aims to steal victims’ banking information, especially targeting Brazilian end users and employees of organizations with banking information.

In light of these new developments, it is evident that financial institutions in Latin America are facing persistent and evolving threats from banking trojans, and it is crucial for them to remain vigilant and implement strong cybersecurity measures to protect against these threats.
