Latin America under siege: Mekotio and BBTok take over devices in the region

Friend

Even experienced specialists do not always recognize new banking Trojans.

In Latin America, there has been a sharp increase in phishing attacks associated with the distribution of the dangerous banking Trojans Mekotio and BBTok. These malware threats aim to steal banking data and conduct unauthorized financial transactions.

Analysis of the latest attacks by Trend Micro researchers shows that criminals are expanding their targets by using new tricks to infiltrate victims' systems. They mostly rely on phishing emails disguised as business transaction messages or subpoenas.

Cybercriminals are adept at exploiting fear and trust. For example, emails about allegedly violated traffic rules cause users to rush and take rash actions, such as clicking on links that lead to malicious sites.

According to research for August 2024, manufacturing companies were the most frequent victims of such attacks, accounting for 26% of all recorded incidents. They are followed by retailers (18%), technology companies (16%) and the financial sector (8%).

Mekotio, known since 2018, is expanding its reach beyond Latin America to some countries in Southern Europe. The malware spreads through phishing emails with attached files and uses obfuscation to hide from antivirus software.

BBTok, first spotted in 2020, is also distributed through phishing emails, but its main weapon is ZIP and ISO files with malicious scripts. In recent campaigns, attackers use "MSBuild.exe" — a legitimate Windows tool — to bypass protection.

The new version of Mekotio is showing unusual activity: the program is no longer limited to certain countries, which indicates the attackers' plans to expand beyond Latin America.

The use of legitimate programs and utilities such as "MSBuild.exe" allows BBTok to sneak into systems and steal data without being noticed. During the attack, the malware establishes its presence in the system using an autorun entry in the registry, which ensures that it is activated every time the computer is turned on.

All of this underscores the need to strengthen cybersecurity measures to protect against such sophisticated attacks. Experts recommend implementing systems for early detection of threats, regularly updating security protocols, and training employees to identify phishing attacks. Timely protection and caution will help minimize risk and maintain the security of financial systems.
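
As an illustration of the early detection recommended above (an added example, not part of the original post or the Trend Micro research), the sketch below flags MSBuild.exe started by a parent that is not a build tool and raises the severity when a write to a registry autorun (Run) key follows on the same host. The event records are constructed and use a simplified Sysmon-style shape; the parent allowlist, the 10-minute window, and the `host`/`time` field names are assumptions.

```python
from datetime import datetime, timedelta

EXPECTED_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe"}  # assumed allowlist; tune per site
RUN_KEY = r"\currentversion\run"  # substring also matches RunOnce
WINDOW = timedelta(minutes=10)    # assumed correlation window

# Constructed Sysmon-style records (event 1 = process creation, 13 = registry value set).
EVENTS = [
    {"id": 1, "host": "WS-01", "time": "2024-08-14 09:02:11",
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"id": 13, "host": "WS-01", "time": "2024-08-14 09:03:40",
     "TargetObject": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"id": 1, "host": "DEV-07", "time": "2024-08-14 10:15:00",
     "Image": r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe",
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe"},
    {"id": 13, "host": "DEV-07", "time": "2024-08-14 10:16:00",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray"},
    {"id": 1, "host": "WS-22", "time": "2024-08-14 11:30:05",
     "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

def _name(path):
    return path.lower().rsplit("\\", 1)[-1]  # file name without directory

def _ts(ev):
    return datetime.strptime(ev["time"], "%Y-%m-%d %H:%M:%S")

def odd_msbuild(ev):
    """Process creation of MSBuild.exe by a parent that is not a known build host."""
    return (ev["id"] == 1 and _name(ev["Image"]) == "msbuild.exe"
            and _name(ev["ParentImage"]) not in EXPECTED_PARENTS)

def run_key_write(ev):
    """Registry value set under a CurrentVersion\\Run or RunOnce key."""
    return ev["id"] == 13 and RUN_KEY in ev["TargetObject"].lower()

def correlate(events):
    """Return (host, severity) per odd MSBuild launch; 'high' if a Run-key write follows."""
    alerts = []
    for ev in filter(odd_msbuild, events):
        followed = any(run_key_write(r) and r["host"] == ev["host"]
                       and timedelta(0) <= _ts(r) - _ts(ev) <= WINDOW for r in events)
        alerts.append((ev["host"], "high" if followed else "medium"))
    return alerts

if __name__ == "__main__":
    for host, sev in correlate(EVENTS):
        print(f"{sev:6} {host}: MSBuild.exe started by an unexpected parent")
```

The correlation is by host and time only, so a Run-key write by unrelated software inside the window also raises the severity; treat "high" as a triage priority, not a verdict.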
