Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command
Sept. 6, 2024, 10:17 a.m.
Description
Latin America is experiencing a surge in sophisticated phishing attacks targeting financial systems, with banking Trojans like Mekotio, BBTok, and Grandoreiro re-emerging. These attacks use business transaction and judicial-related lures to compromise victims. Mekotio is expanding its targets beyond Latin America, while BBTok focuses on the region's financial sector. Both employ new techniques to evade detection, such as obfuscated scripts and abuse of legitimate Windows utilities. Manufacturing, retail, technology, and financial services are the most affected industries. The evolving tactics and broader targeting underscore the need for enhanced cybersecurity measures, including advanced threat detection systems, regular security updates, and employee education on recognizing phishing attempts.
Date
| Published | Created | Modified |
|---|---|---|
| Sept. 6, 2024, 9:53 a.m. | Sept. 6, 2024, 9:53 a.m. | Sept. 6, 2024, 10:17 a.m. |
Indicators
3a77b97ec5f98c8e1e24fd5f960f2ac3efa818125dd29a687f489121eaa2951f
e5e89824f52816d786aaac4ebdb07a898a827004a94bee558800e4a0e29b083a
d9b2450e4b91739c39981ab34ec7a3aeb33fb3b75deb45020b9c16596a97a219
07028ec2a727330a3710dba8940aa97809f47e75e1fd9485d8fc52a3c018a128
37.148.205.26
50.62.182.1
http://50.62.182.1/contadores/37.148.205.26:9095
http://37.148.205.26/contadores/m4Ii5mn.php?loTXe
http://37.148.205.26/contadores/m4Ii5mn.php?loTX=w9d2PIfe8t72FHhKOw1PN1EQWGP2ylYFYLIMtZka0UPFOkYTUjq44k8tdOQhFkfeE1u
Attack Patterns
T1218.005
T1204.001
T1059.001
T1547.001
T1055
T1036
T1140
T1027
T1566
T1078
Additional Informations
Chile
Argentina
Spain
Mexico
Brazil