Hive0147 serving juicy Picanha with a side of Mekotio
Oct. 17, 2024, 9:51 a.m.
Description
IBM X-Force observed Hive0147, a highly active threat group in Latin America, distributing a new Golang-based downloader named Picanha to deploy the Mekotio banking trojan. Picanha is a two-stage malware that uses advanced techniques such as direct syscalls and supports multiple download URLs, reliable encryption, and sophisticated in-memory execution. Mekotio is a Delphi-based banking trojan that targets various banking applications in Latin America, employing tactics such as fake login windows, QR code manipulation, and credential theft. Mekotio establishes persistence, enumerates the system, and resolves its command-and-control servers using a domain generation algorithm (DGA). Hive0147's operations highlight the evolving threats targeting the growing digital landscape in Latin America.
Date
Published: Oct. 17, 2024, 9:24 a.m.
Created: Oct. 17, 2024, 9:24 a.m.
Modified: Oct. 17, 2024, 9:51 a.m.
Indicators
d5800c06fe27cf0c6858ea7e02c8b2d35d7a76a93077f9ca6e41878603c38ef3
6a5db2fe1deabd14864a8d908169e4842c611581bdc3357fa597a8fbbc37baf6
4e62a102a00b071ee9f7b7e6ace0d558e18ba1a61a937676c4460a0f33a3e87e
39222481d69aa4d92a5c4d5c094a86909ebff762f6336f1a186fa94d3cc01012
18b09a8dfb6b553f355382127a67ad1ba5909b442e0e9fadb7ebd7d89675ea9b
177.235.219.126
https://api.cacher.io/raw/484822a63a80cb632f44/3b169ddbbaa8dcf4255c/my
zpguk.cozinhaofertas.com
sohye.topracoes.com
tjqty.deccsmagazine.com.br
olukv.familyrealstore.com
khqry.vitapronobisfassolution.com.br
jmaah.clicktelefoniaempresarial.com.br
ljoea.curasdanatureza.com
izlhu.ometodoseroficial.com
dyicn.ofertadsn.com.br
hzfzx.khadicomunicacao.com.br
api.cacher.io
3cd99dd0981c76e5a7b9.doomdns.com
4e342df890dd9fb169e0.doomdns.com
Attack Patterns
Banker.FN
Picanha
Mekotio
Hive0147
T1134.002
T1556.002
T1568
T1059.006
T1573.002
T1564.003
T1564.001
T1218.011
T1059.005
T1555.003
T1497.001
T1547.001
T1071.001
T1070.004
T1562.001
T1573
T1489
T1498
T1027
T1112
Additional Information
Technology
Finance