Wednesday, 22 August 2018

On 11:29 by admin

Dark Tequila Bank Malware

Kaspersky Lab security researchers have discovered a new, complex malware campaign that has targeted customers of several Mexican banking institutions since at least 2013. The campaign, called Dark Tequila, delivers an advanced keylogger malware that stayed under the radar for five years. It is highly targeted and uses several evasion techniques.

Dark Tequila is primarily used to steal victim financial information from a long list of online banking websites, as well as login credentials from popular websites, including code version repositories, public file storage accounts, and domain registrars. 

The list of target sites includes "Cpanels, Plesk, Online Flight Booking System, Microsoft Office 365, IBM Lotus Notes Client, Zimbra Email, Bitbucket, Amazon, GoDaddy, Register, Namecheap, Dropbox, Softlayer, Rackspace and other services", the researchers said in a blog post.

The malware is first delivered to the victim's computer via spear phishing or infected USB devices.

Once executed, the multi-stage payload infects the victim's computer only if certain conditions are met: it checks whether the computer has any anti-virus or security suite installed and whether it is running in an analysis environment.

In addition, "the threat actors behind it strictly monitor and control all operations. If there is an accidental infection that is not in Mexico or is not of interest, malware will be installed remotely from the victim's machine," the researchers said. 

The Dark Tequila malware basically consists of six main modules, as follows: 
1. C&C - This part of the malware manages communication between infected computers and the command and control (C&C) servers, and is also responsible for monitoring for man-in-the-middle attacks as a defense against malware analysis.
2. CleanUp - When the malware detects any "suspicious" activity (such as running on a virtual machine or under a debugging tool), it performs a full cleanup of the infected system, removing the persistence service and any forensic evidence of its presence.
3. Keylogger - This module is designed to monitor the system and record keystrokes to steal login credentials for a preloaded list of sites, including bank sites and other popular sites.
4. Information Stealing Program - This password stealing module extracts saved passwords from email and FTP clients and browsers. 
5. USB Infector - This module copies itself and infects other computers via USB drives. It copies an executable to a removable drive, which runs automatically when the drive is plugged into another system.
6. Service Monitor - This module is responsible for ensuring that malware is functioning properly. 

According to the researchers, Dark Tequila is still active and can be deployed anywhere in the world, attacking any target chosen by the threat actors behind it.

To protect yourself, we recommend that you always be alert to suspicious emails and keep a good anti-virus solution in place to prevent such threats from infecting you or your network.

Most importantly, avoid connecting untrusted removable and USB devices to your computer, and consider disabling autorun on USB devices.
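To make the USB advice concrete, the following is an added example, not code from the original post or from Kaspersky's report: a small triage helper that lists the programs a removable drive's autorun.inf would launch and checks whether a NoDriveTypeAutoRun policy value turns AutoRun off for removable drives. It assumes the classic Windows AutoRun mechanism (autorun.inf), which the post does not name; the function names and the sample file are constructed for illustration.

```python
from pathlib import Path

# Keys in the [autorun] section that make Windows AutoRun start a program.
LAUNCH_KEYS = {"open", "shellexecute"}
DRIVE_REMOVABLE_BIT = 0x04  # bit for removable drives in NoDriveTypeAutoRun

def decode_inf(raw: bytes) -> str:
    """autorun.inf may be ANSI or UTF-16 with a BOM; handle both."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")

def launch_entries(raw: bytes) -> list[tuple[str, str]]:
    """Return (key, command) pairs from [autorun] that would run a program."""
    entries, in_autorun = [], False
    for line in decode_inf(raw).splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # shell\<verb>\command adds a context-menu verb that runs a program
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                entries.append((key, value))
    return entries

def audit_drive(root: Path) -> list[tuple[str, str]]:
    """Find autorun.inf in the drive root (any letter case) and list its launch entries."""
    for item in root.iterdir():
        if item.is_file() and item.name.lower() == "autorun.inf":
            return launch_entries(item.read_bytes())
    return []

def autorun_disabled_for_removable(no_drive_type_autorun: int) -> bool:
    """True if the policy value disables AutoRun on removable drives."""
    return bool(no_drive_type_autorun & DRIVE_REMOVABLE_BIT)

# Constructed sample; not taken from any real Dark Tequila artifact.
SAMPLE_INF = (b"; constructed sample\r\n[AutoRun]\r\nOpen = updater.exe /s\r\n"
              b"icon=folder.ico\r\nshell\\explore\\command=updater.exe\r\n"
              b"[other]\r\nopen=ignored.exe\r\n")

if __name__ == "__main__":
    for key, command in launch_entries(SAMPLE_INF):
        print(f"{key}: {command}")
    print("0xFF disables removable AutoRun:", autorun_disabled_for_removable(0xFF))
```

Point `audit_drive` at the root of a mounted removable drive, ideally from a system that does not itself honor AutoRun.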

