Latin American Financial Systems Under Siege: Mekotio Banking Trojan Threatens Peru
Sophisticated Malware Targets Spanish- and Portuguese-Speaking Countries
A recent surge in cyber attacks has been reported in Latin America, with a notorious banking trojan known as Mekotio wreaking havoc on financial systems. This malware, which has been active since 2015, is part of a quartet of banking trojans that have been infecting devices in the region.
The Mekotio Malware: A Persistent Threat
Mekotio is distributed through fake tax-themed phishing emails that aim to trick recipients into opening malicious attachments or clicking on bogus links. Once installed, it harvests system information and establishes contact with a command-and-control server to receive further instructions.
Key Features of the Mekotio Malware:
- Fake Pop-ups: Impersonates legitimate banking sites to steal banking credentials
- Data Harvesting: Captures screenshots, logs keystrokes, steals clipboard data
- Persistence: Establishes persistence on the host using scheduled tasks
The stolen information can be used by threat actors to gain unauthorized access to users’ bank accounts and perform fraudulent transactions.
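Because the persistence described above relies on scheduled tasks, newly registered tasks are a practical place for defenders to look. The following is an added example, not code from Trend Micro or from the article's sources: it triages the TaskName and TaskContent fields of Windows Security event 4698 ("A scheduled task was created"). The path and script-host heuristics, the function names and the sample records are assumptions constructed for illustration, not published Mekotio indicators.

```python
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumed triage heuristics, not Mekotio indicators from the article.
USER_WRITABLE = ("\\appdata\\", "%appdata%", "%localappdata%", "\\temp\\", "%temp%", "\\users\\public\\")
SCRIPT_HOSTS = ("powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe")

def triage_task(task_xml):
    """Return reasons a newly registered task deserves analyst review (empty list = none)."""
    root = ET.fromstring(task_xml)
    reasons = []
    for exe in root.findall("t:Actions/t:Exec", NS):
        command = (exe.findtext("t:Command", "", NS) or "").strip().strip('"').lower()
        args = (exe.findtext("t:Arguments", "", NS) or "").lower()
        if any(m in command for m in USER_WRITABLE):
            reasons.append("binary in user-writable path")
        if command.rsplit("\\", 1)[-1] in SCRIPT_HOSTS and any(m in args for m in USER_WRITABLE):
            reasons.append("script host fed from user-writable path")
    if not reasons:
        return reasons
    # Context that raises priority only once the action itself looks suspicious.
    if root.find("t:Triggers/t:LogonTrigger", NS) is not None or root.find("t:Triggers/t:BootTrigger", NS) is not None:
        reasons.append("runs at logon or boot")
    if (root.findtext("t:Settings/t:Hidden", "false", NS) or "").strip().lower() == "true":
        reasons.append("hidden task")
    return reasons

def review(events):
    """Map TaskName -> reasons for every 4698 record with at least one finding."""
    found = {ev["TaskName"]: triage_task(ev["TaskContent"]) for ev in events}
    return {name: reasons for name, reasons in found.items() if reasons}

def _task(command, args, trigger, hidden):  # builds constructed sample task definitions
    return (f'<Task xmlns="{NS["t"]}"><Triggers><{trigger}/></Triggers>'
            f'<Settings><Hidden>{hidden}</Hidden></Settings>'
            f'<Actions><Exec><Command>{command}</Command><Arguments>{args}</Arguments></Exec></Actions></Task>')

# Constructed records shaped like the TaskName/TaskContent fields of event 4698.
SAMPLE_EVENTS = [
    {"TaskName": "\\VendorUpdater", "TaskContent": _task(r"C:\Program Files\Vendor\updater.exe", "/check", "CalendarTrigger", "false")},
    {"TaskName": "\\SampleA", "TaskContent": _task(r"C:\Users\maria\AppData\Roaming\sample\run.exe", "", "LogonTrigger", "true")},
    {"TaskName": "\\SampleB", "TaskContent": _task("wscript.exe", r"%TEMP%\sample.vbs", "CalendarTrigger", "false")},
]

if __name__ == "__main__":
    for name, reasons in review(SAMPLE_EVENTS).items():
        print(name, "->", "; ".join(reasons))
```

Event 4698 is only logged when the "Audit Other Object Access Events" policy is enabled, and flagged tasks are leads for review rather than confirmed infections.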
A Growing Concern in Latin America
Trend Micro has observed a surge in cyber attacks distributing Mekotio, warning that this banking trojan is a persistent and evolving threat to financial systems, especially in Latin American countries.
Red Mongoose Daemon: Another Latin American Banking Trojan
Mexican cybersecurity firm Scitum recently disclosed details of a new banking trojan codenamed Red Mongoose Daemon. This malware uses similar tactics to steal victims’ banking information, further highlighting the growing concern for individuals and organizations in Peru.
Staying Vigilant Against Sophisticated Cyber Threats
As the threat landscape continues to evolve, it’s essential for individuals and organizations in Peru to remain vigilant against these sophisticated cyber threats.