An advanced form of banking malware has been targeting users in Latin America since at least 2013, Kaspersky Lab researchers report. Most victims are in, or connected to, Mexico.
The malware, dubbed "Dark Tequila," carries a multistage payload and spreads to victims via spear-phishing emails and infected USB devices. Its primary focus is stealing financial information; however, once on a target machine, it lifts credentials to other popular websites, business and personal email addresses, domain registers, and file storage accounts.
Dark Tequila and its supporting infrastructure are "unusually sophisticated" for financial fraud schemes, researchers say, and pack several features to evade detection. For example, the payload is delivered onto an endpoint only if certain technical conditions are met. If the malware detects a security solution or network monitoring activity, it stops the infection.
If it lands on a machine and doesn't detect security monitoring or analysis, Dark Tequila activates a local infection and copies an executable file to run automatically. This way, the malware can move throughout the network offline after infecting only one endpoint.
It's believed the actor behind Dark Tequila is Spanish-speaking and native to Latin America.
Read more details here.
Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Early bird rate ends August 31. Click for more info.