Dark Tequila, the malware attacking Mexican internet banking users

The malware was described as unusually sophisticated

Dark Tequila, the malware attacking Mexican internet banking users
The malware propagates quickly and steals personal information - Photo: Kacper Pempel/REUTERS
English 26/08/2018 12:10 Notimex Dallas, Texas Actualizada 12:18
Guardando favorito...

Leer en español

The Russian cybersecurity firm, Kaspersky Lab, discovered the cybernetic operation "Dark Tequila", aimed at banking users in Mexico and other Latin American countries, to steal data authentication, information about users and companies.

It also pointed out that "Dark Tequila" has been active since 2013, mainly in Mexico.

The main weapon of the operation is an advanced malware program that Kaspersky described as "unusually sophisticated".

Based on the analysis of the code, it is believed that the developer is Spanish-speaking and of Latin American origin.

According to Kaspersky researchers, the malware spreads through infected USB devices and "phishing" sites created on the network to trick banking users and distribute the malware.

Once the malware is on the user's computer, it connects to a remote command and control server and downloads a payload. This only happens if the malware believes it is on a genuine victim's computer and not, for example, in a quarantined analysis environment.

The malware contains a keylogger and a network monitoring tool, and it is capable of self-propagation.

This means that if the victim inserts a USB flash drive into their computer, the malware will clone itself, ready to infect another user.

In a statement, Dmitry Bestuzhev, head of the Global Research and Analysis Team of Kaspersky, emphasized the dangers "Dark Tequila" represents when they noticed that it has a global potential.

"At first glance, 'Dark Tequila' looks like any other banking Trojan, looking for information and credentials for financial gain. A deeper analysis, however, reveals a complexity of malware that is often not seen in financial threats", he said.

"The modular structure of the code and its mechanisms of obfuscation and detection help it avoid discovery and deliver its malicious load only when the malware decides it is safe to do so", he added.

"This campaign has been active for several years and new samples are still being found, so far it has only attacked targets in Mexico, but its technical capacity is adequate to attack targets anywhere in the world," he said.

Kaspersky said its products can "detect and block" malware related to "Dark Tequila".

The company also offered some generic, but still useful tips, which include disabling autostart on USB devices and preventing the connection of unknown devices and USB drives to your computer.


Guardando favorito...