Tuesday, August 21, 2018

"Dark Tequila" - Advanced keylogger that has been targeting customers of several Mexican banking institutions since at least 2013 and was discovered recently



Dark Tequila has primarily been designed to steal victims’ financial information from a long list of online banking sites, as well as login credentials to popular websites, ranging from code versioning repositories to public file storage accounts and domain registrars.

The list of targeted sites includes "Cpanels, Plesk, online flight reservation systems, Microsoft Office 365, IBM Lotus Notes clients, Zimbra email, Bitbucket, Amazon, GoDaddy, Register, Namecheap, Dropbox, Softlayer, Rackspace, and other services."

Once executed, a multi-stage payload infects the victim's computer only after certain conditions are met, which include checking whether the infected computer has any antivirus or security suite installed or is running in an analysis environment.

Besides this, "the threat actor behind it strictly monitors and controls all operations. If there is a casual infection, which is not in Mexico or is not of interest, the malware is uninstalled remotely from the victim’s machine," the researchers say.


https://thehackernews.com/2018/08/mexico-banking-malware.html
