Mekotio Banking Trojan Threatens Financial Systems in Latin America

July 4, 2024, 10:54 a.m.

Description

The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, performs credential theft and information gathering, and employs persistence mechanisms. The stolen data is sent back to the server for fraudulent activities. Users and organizations should follow security best practices to mitigate this threat.

Date

  • Created: July 4, 2024, 10:49 a.m.
  • Published: July 4, 2024, 10:49 a.m.
  • Modified: July 4, 2024, 10:54 a.m.

Indicators


Attack Patterns

  • Mekotio

Additional Information

  • Chile
  • Spain
  • Peru
  • Mexico
  • Brazil