Security researchers have discovered a new banking malware strain named Dark Tequila targeting customers of several Mexican banking institutions

Security researchers have discovered a new banking malware strain named Dark Tequila targeting customers of several Mexican banking institutions. Researchers from Kaspersky Lab said that the campaign has been active since at least 2013. The malware carries a multistage payload and is spread via spear-phishing and infection by USB device.

“The Dark Tequila malware and its supporting infrastructure are unusually sophisticated for a financial fraud operation. The malicious implant contains all the modules required for the operation and, when instructed to do so by the command server, different modules decrypt and activate. All stolen data is uploaded to the server in encrypted form,” the Kaspersky Lab researchers said in their blog post.

The payload is delivered to the system only after certain conditions are met, such as checking whether the infected system has any antivirus software installed or is running in an analysis environment. The Dark Tequila malware has six modules, which are as follows:

  1. The first module manages communication with the command and control server and also monitors for man-in-the-middle attacks.
  2. The second module is responsible for clean-up. If the malware detects suspicious activity, such as running on a virtual machine or debugging tools running in the background, it performs a full clean-up of the infected system, removing the persistence service as well as any files it created previously on the system.
  3. The third module is a combination of keylogger and Windows monitor, designed to steal credentials from a list of websites that includes banking websites as well as other sites.
  4. The fourth module is designed to steal passwords saved in email clients, FTP clients, and browsers.
  5. The fifth module copies an executable file to a removable drive so that it runs automatically when the drive is connected to other systems.
  6. The sixth module is responsible for making sure that the malware is running properly.
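As an added example for defenders (not code from this article or from Kaspersky's report), the following Python helper audits the removable-drive mechanism the fifth module relies on: it parses an autorun.inf, the file through which older Windows versions launched programs from USB media, and flags one that would run an executable and disguise the drive as a folder. The autorun.inf sample is constructed for this example and is not a Dark Tequila artifact; the check applies to any autorun-based spreader, not only this campaign.

```python
import re
from typing import Dict, List

# [autorun] keys that make Windows launch a file when the drive is inserted.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")
# Keys used to make the drive look like an ordinary folder or document store.
DISGUISE_KEYS = ("label", "icon", "action")
EXECUTABLE = re.compile(r"\.(exe|scr|com|pif|bat|cmd|vbs|js)(\s|$)", re.IGNORECASE)


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the key/value pairs of the [autorun] section, keys lower-cased."""
    entries: Dict[str, str] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def assess_autorun(text: str) -> Dict[str, object]:
    """Report what an autorun.inf would launch and whether it disguises the drive."""
    entries = parse_autorun(text)
    launches: List[str] = [entries[k] for k in LAUNCH_KEYS if k in entries]
    runs_executable = any(EXECUTABLE.search(v) for v in launches)
    # A drive that both auto-launches a file and relabels itself is the
    # classic pattern for worm-style spreading over removable media.
    disguised = bool(launches) and any(k in entries for k in DISGUISE_KEYS)
    verdict = ("suspicious" if runs_executable   # would run a binary on insertion
               else "review" if launches         # launches something less obvious
               else "benign")
    return {"launches": launches, "runs_executable": runs_executable,
            "disguised": disguised, "verdict": verdict}


# Constructed sample for this example; it is not a real Dark Tequila artifact.
SAMPLE_AUTORUN = r"""[autorun]
open=RECYCLER\update.exe
icon=%SystemRoot%\system32\shell32.dll,4
label=Documents
action=Open folder to view files
"""
```

On current Windows builds AutoRun from removable media is disabled by default, so the practical mitigation is to keep it that way and to triage drives from untrusted sources offline; `assess_autorun(SAMPLE_AUTORUN)` returns the verdict `suspicious` for the sample above.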
Most of the victims are located in Mexico. The attackers behind the campaign strictly monitor and control all operations; if a casual infection occurs outside Mexico, or the infected device is not of interest, the malware is uninstalled remotely from it.

Researchers said that the campaign is still active and is designed to be deployed in any part of the world against any target.