Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command
Sept. 6, 2024, 10:17 a.m.
Description
Latin America is experiencing a surge in sophisticated phishing attacks targeting financial systems, with banking Trojans like Mekotio, BBTok, and Grandoreiro re-emerging. These attacks use business transaction and judicial-related lures to compromise victims. Mekotio is expanding its targets beyond Latin America, while BBTok focuses on the region's financial sector. Both employ new techniques to evade detection, such as obfuscated scripts and abuse of legitimate Windows utilities. Manufacturing, retail, technology, and financial services are the most affected industries. The evolving tactics and broader targeting underscore the need for enhanced cybersecurity measures, including advanced threat detection systems, regular security updates, and employee education on recognizing phishing attempts.
Date
Published: Sept. 6, 2024, 9:53 a.m.
Created: Sept. 6, 2024, 9:53 a.m.
Modified: Sept. 6, 2024, 10:17 a.m.
Indicators
Attack Patterns
T1218.005
T1204.001
T1059.001
T1547.001
T1055
T1036
T1140
T1027
T1566
T1078
Additional Information
Chile
Argentina
Spain
Mexico
Brazil