Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command

Sept. 6, 2024, 10:17 a.m.

Description

Latin America is experiencing a surge in sophisticated phishing attacks targeting financial systems, with banking Trojans like Mekotio, BBTok, and Grandoreiro re-emerging. These attacks use business transaction and judicial-related lures to compromise victims. Mekotio is expanding its targets beyond Latin America, while BBTok focuses on the region's financial sector. Both employ new techniques to evade detection, such as obfuscated scripts and abuse of legitimate Windows utilities. Manufacturing, retail, technology, and financial services are the most affected industries. The evolving tactics and broader targeting underscore the need for enhanced cybersecurity measures, including advanced threat detection systems, regular security updates, and employee education on recognizing phishing attempts.

External References

https://documents.trendmicro.com/images/TEx/Mekotio-and-BBTok-IOCsktvYaQ0.txt
https://otx.alienvault.com/pulse/66dad1314c00888f599a168a
Tags
mekotio
2024-09-06
bbtok

Date

  • Created: Sept. 6, 2024, 9:53 a.m.
  • Published: Sept. 6, 2024, 9:53 a.m.
  • Modified: Sept. 6, 2024, 10:17 a.m.

Indicators

  • 3a77b97ec5f98c8e1e24fd5f960f2ac3efa818125dd29a687f489121eaa2951f
  • e5e89824f52816d786aaac4ebdb07a898a827004a94bee558800e4a0e29b083a
  • d9b2450e4b91739c39981ab34ec7a3aeb33fb3b75deb45020b9c16596a97a219
  • 07028ec2a727330a3710dba8940aa97809f47e75e1fd9485d8fc52a3c018a128
  • 37.148.205.26
  • 50.62.182.1
  • http://50.62.182.1/contadores/37.148.205.26:9095
  • http://37.148.205.26/contadores/m4Ii5mn.php?loTXe
  • http://37.148.205.26/contadores/m4Ii5mn.php?loTX=w9d2PIfe8t72FHhKOw1PN1EQWGP2ylYFYLIMtZka0UPFOkYTUjq44k8tdOQhFkfeE1u
Download all indicators here!

Attack Patterns

Additional Informations

  • Chile
  • Argentina
  • Spain
  • Mexico
  • Brazil