Mekotio
Description
(ESET) As is common for most Latin American banking trojans, Mekotio has several typical backdoor capabilities. It can take screenshots, manipulate windows, simulate mouse and keyboard actions, restart the machine, restrict access to various banking websites and update itself. Some variants are also able to steal bitcoins by replacing a bitcoin wallet in the clipboard and to exfiltrate credentials stored by the Google Chrome browser. Interestingly, one command is apparently intended to cripple the victim’s machine by trying to remove all files and folders in C:\Windows tree.
Names
| Name |
|---|
| Mekotio |
| Metamorfo |
| Casbaneiro |
Category
Malware
Type
- Banking trojan
- Reconnaissance
- Backdoor
- Keylogger
- Info stealer
- Credential stealer
Information
- https://www.welivesecurity.com/2020/08/13/mekotio-these-arent-the-security-updates-youre-looking-for/
- https://cofense.com/blog/autohotkey-banking-trojan/
- https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/rooty-dolphin-uses-mekotio-to-target-bank-clients-in-south-america-and-europe/
- https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/
- https://research.checkpoint.com/2021/mekotio-banker-returns-with-improved-stealth-and-ancient-encryption/
- https://www.sygnia.co/blog/breaking-down-casbaneiro-infection-chain/
- https://www.sygnia.co/blog/breaking-down-casbaneiro-infection-chain-part2/
- https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
- https://www.trendmicro.com/en_us/research/24/g/mekotio-banking-trojan.html
- https://www.trendmicro.com/en_us/research/24/i/banking-trojans-mekotio-looks-to-expand-targets—bbtok-abuses-ut.html
Malpedia
Other Information
Uuid
a5c752a8-eefc-4ed1-9520-0e0ae67fa892
Last Card Change
2024-10-23