Names | Mekotio Metamorfo Casbaneiro | |
Category | Malware | |
Type | Banking trojan, Reconnaissance, Backdoor, Keylogger, Info stealer, Credential stealer | |
Description | (ESET) As is common for most Latin American banking trojans, Mekotio has several typical backdoor capabilities. It can take screenshots, manipulate windows, simulate mouse and keyboard actions, restart the machine, restrict access to various banking websites and update itself. Some variants are also able to steal bitcoins by replacing a bitcoin wallet in the clipboard and to exfiltrate credentials stored by the Google Chrome browser. Interestingly, one command is apparently intended to cripple the victim’s machine by trying to remove all files and folders in C:\Windows tree. | |
Information | <https://www.welivesecurity.com/2020/08/13/mekotio-these-arent-the-security-updates-youre-looking-for/> <https://cofense.com/blog/autohotkey-banking-trojan/> <https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/rooty-dolphin-uses-mekotio-to-target-bank-clients-in-south-america-and-europe/> <https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/> <https://research.checkpoint.com/2021/mekotio-banker-returns-with-improved-stealth-and-ancient-encryption/> | |
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.mekotio> |
Last change to this tool card: 04 November 2021
Download this tool card in JSON format
Changed | Name | Country | Observed | ||
Unknown groups | |||||
_[ Interesting malware not linked to an actor yet ]_ |
1 group listed (0 APT, 0 other, 1 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |