Financial Crime World


Cybersecurity Threats to Financial Institutions in Peru: Mekotio Banking Trojan Resurfaces

The Mekotio banking trojan has re-emerged as a significant threat to financial institutions and individuals across Latin America, including Peru. This malware, active since 2015, has primarily targeted countries such as Brazil, Chile, Mexico, Spain, and Peru, focusing on stealing sensitive information like banking credentials.

How Does It Spread?

Researchers from Trend Micro have noticed an uptick in the use of Mekotio across campaigns, revealing that it typically infiltrates systems through phishing emails claiming to be from tax agencies. These messages often contain malicious ZIP file attachments or links that download and execute the malware on the victim’s system.

What Does Mekotio Do?

Once activated, Mekotio gathers system information, establishes a connection with a command-and-control server, and performs several operations on infected systems. It:

  • Steals login credentials by displaying fake pop-ups mimicking legitimate banking sites
  • Captures screenshots
  • Logs keystrokes
  • Steals clipboard data
  • Employs tactics like adding itself to startup programs or creating scheduled tasks to maintain its presence on infected systems

How Does Mekotio Evade Detection?

Several security researchers have investigated previous campaigns involving Mekotio, describing it as a geolocation-specific Trojan that evades detection by using malicious DLL files. Victims may be restricted from accessing legitimate banking websites after infection.
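An added example, not from the original article or from the researchers it cites: a triage pass over startup and scheduled-task entries, the two persistence methods listed above, that flags commands running from user-writable directories and notes when one loads a DLL from there. The directory list, the entry format, and the sample entries are constructed assumptions, not Mekotio indicators.

```python
import re

# Assumption: directories a standard user can write to. Payloads dropped without
# admin rights usually land here; this is a generic heuristic, not a Mekotio IoC.
USER_WRITABLE = re.compile(
    r"\\appdata\\|\\temp\\|\\programdata\\|\\users\\public\\"
    r"|%appdata%|%localappdata%|%temp%|%programdata%|%public%",
    re.IGNORECASE,
)
# System binaries commonly used to load a DLL from the command line.
DLL_HOST = re.compile(r"\b(rundll32|regsvr32)(\.exe)?\b", re.IGNORECASE)
DLL_REF = re.compile(r"\.dll\b", re.IGNORECASE)


def triage(entries):
    """Return (source, name, reasons) for autostart entries that need a manual look.

    entries: iterable of (source, name, command) tuples, as exported from a host
    by an inventory tool (hypothetical format chosen for this example).
    """
    findings = []
    for source, name, command in entries:
        if not USER_WRITABLE.search(command):
            continue  # runs from a protected location; out of scope for this check
        reasons = ["runs from user-writable path"]
        if DLL_HOST.search(command) and DLL_REF.search(command):
            reasons.append("DLL loaded through rundll32/regsvr32")
        findings.append((source, name, reasons))
    return findings


# Constructed sample data: two benign entries and two that should be reviewed.
SAMPLE_ENTRIES = [
    ("HKCU Run", "OneDrive",
     r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'),
    ("HKCU Run", "Updater",
     r"C:\Users\ana\AppData\Roaming\upd\updater.exe"),
    ("Scheduled Task", "SysCheck",
     r"C:\Windows\System32\rundll32.exe C:\ProgramData\sc\helper.dll,Start"),
    ("Scheduled Task", "Printer",
     r"C:\Windows\System32\rundll32.exe C:\Windows\System32\printui.dll,PrintUIEntry"),
]

if __name__ == "__main__":
    for source, name, reasons in triage(SAMPLE_ENTRIES):
        print(f"[review] {source}: {name} ({'; '.join(reasons)})")
```

A flagged entry is a lead for review, not a verdict: legitimate per-user software also starts from these directories, so confirm with the file's signature, hash, and creation time.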

Combatting Mekotio

To combat threats like Mekotio, researchers advise following sound email-handling practices, including:

  • Being skeptical of unsolicited emails
  • Verifying the sender’s email address
  • Avoiding clicking on links and downloading attachments unless absolutely certain of the sender’s identity
  • Verifying sender identity by contacting them through known contact details
  • Using email filters and anti-spam software
  • Reporting phishing attempts to IT and security teams

Indicators of Compromise

The researchers have shared potential indicators of compromise, including:

  • File hashes
  • Command-and-control servers

Conclusion

By adhering to these guidelines, maintaining vigilance, and scrutinizing possible attack indications, organizations and individuals can significantly reduce their risk of falling victim to the Mekotio banking trojan.