Mekotio Banking Trojan Threatens Financial Systems in Latin America
July 4, 2024, 10:54 a.m.
Description
The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, performs credential theft and information gathering, and employs persistence mechanisms. The stolen data is sent back to the server for fraudulent activities. Users and organizations should follow security best practices to mitigate this threat.
Date
Published: July 4, 2024, 10:49 a.m.
Created: July 4, 2024, 10:49 a.m.
Modified: July 4, 2024, 10:54 a.m.
Indicators
Attack Patterns
Mekotio
T1589
T1566
Additional Information
Chile
Spain
Peru
Mexico
Brazil