Mekotio Banking Trojan Threatens Financial Systems in Latin America

July 4, 2024, 10:54 a.m.

Description

The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials. It is delivered through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, steals credentials, gathers further information, and employs persistence mechanisms. The stolen data is sent back to the server for use in fraudulent activities. Users and organizations should follow security best practices to mitigate this threat.

Date

Published: July 4, 2024, 10:49 a.m.

Created: July 4, 2024, 10:49 a.m.

Modified: July 4, 2024, 10:54 a.m.

Indicators

Attack Patterns

Mekotio

T1589

T1566

Additional Information

Chile

Spain

Peru

Mexico

Brazil