Mekotio Banking Trojan Resurges, Targeting Latin American Financial Systems

A new wave of cyberattacks utilizing the sophisticated Mekotio banking trojan is raising alarms across Latin America, according to a recent report by Trend Micro Research. The malware, active since 2015 and primarily targeting countries like Brazil, Chile, and Mexico, has resurfaced with renewed vigor, exploiting unsuspecting victims through phishing emails disguised as urgent tax notices.

Mekotio attack chain

Once a user interacts with a malicious attachment or link, Mekotio infiltrates their system, siphoning sensitive data and establishing a connection with a command-and-control server. The trojan’s primary objective is to harvest banking credentials through deceptive pop-up windows mimicking legitimate bank sites. Additionally, Mekotio captures screenshots, logs keystrokes, and pilfers clipboard data, further compromising user security.

Trend Micro emphasizes the importance of adopting a multi-layered defense strategy to mitigate the risks posed by Mekotio and similar threats. This includes:

  • Heightened vigilance: Exercise caution when dealing with unsolicited emails, especially those claiming unpaid tax obligations.
  • Scrutinizing email content: Verify sender addresses, check for grammatical errors, and avoid clicking on suspicious links or downloading attachments.
  • Sender verification: If in doubt, directly contact the sender through known channels to confirm the email’s authenticity.
  • Robust email security: Utilize email filters and anti-spam software to block phishing attempts.
  • Employee education: Conduct regular cybersecurity awareness training to educate employees about phishing and social engineering tactics.
  • Prompt reporting: Encourage users to report suspected phishing emails to IT and security teams.