This Scary Malware Can Cripple Your PC — How to Protect Yourself


A dangerous banking Trojan is targeting people in Brazil, Chile, Mexico, Spain, Peru, and Portugal, warn researchers at the world's best anti-virus company.

They say the Mekotio banking Trojan, which first began circulating on the Web five years ago, has accumulated sophisticated backdoor capabilities in that time.

According to researchers at cybersecurity firm ESET, the Trojan "takes screenshots, reboots infected machines, restricts access to legitimate banking websites, and in some variants steals bitcoins and Google Chrome browser stored …". It can even "leak authentication information," the researchers said.

In a blog post, ESET noted Mekotio's similarities to other banking Trojans it has investigated in the past, including that it is "written in Delphi, uses fake pop-up windows, and includes a backdoor function."

Mekotio can also disguise itself as a security update, "using a specific message box" to mislead the user into trusting it.

As well as this, the malware can leak detailed information about firewall settings, administrative privileges, Windows version information, and security solutions installed on the device.

After infecting a machine with malware, the threat actors can even "cripple the victim's machine by attempting to delete all files and folders in the C:\Windows tree."

Robert Šuman, who leads the Mekotio research team, says: "For researchers, the most notable features of the latest variant of this malware family are its use of an SQL database as a C&C server and its primary execution method, which is the legitimate AutoIt interpreter as the primary method of execution."

The researchers also investigated Mekotio's distribution channels and found that it is spread primarily through spam. Overall, researchers found 38 distribution chains.

ESET added that "most of these chains consist of multiple stages, ultimately downloading a ZIP archive," which is "a well-known behavior of banking Trojans in Latin America."

Šuman added, "Mekotio has followed a rather chaotic development path and its functionality changes very frequently. From internal versioning, ESET believes that multiple variants are being developed simultaneously."

ESET security specialist Jake Moore told Tom's Guide: "This is a reminder again to be careful what you download. While it is very difficult to spot a Trojan horse instantly, there are ways to spot a wolf in sheep's clothing. First, one should always check the source of any e-mail that invites you to click on or download an attachment.

Additionally, "reviews (if possible) and the number of downloads are the next clues. If the reviews suggest something, or if the download count is much lower than you expect to see, it is time to avoid it."

"Research is your best friend when it comes to downloading something to your device, but if you have something unknown placed on your device, it comes with attendant risks, of course."
