Dark Tequila is a banking malware caught after five years of stealing Mexican data

Dark Tequila is a disciplined banking malware that stole data in Mexico; it was active in or before 2013 and was caught 5 years later.
Dark Tequila Malware

Kaspersky Lab security researchers have unveiled a new and complex malware that has been targeting customers of various Mexican banking organizations since at least 2013.

Dubbed Dark Tequila, the malware delivers an advanced keylogger and has stayed under the radar for several years thanks to its sophisticated design and the evasion strategies it employs.

Dark Tequila is designed to steal victims' financial information for a long list of online banking sites, as well as login credentials for popular websites, file storage services, government sites and domain registrars.

Researchers say in a blog post that the targeted sites include "Sitemap, Plesk, online flight reservation systems, Microsoft Office 365, IBM Lotus Notes clients, Zimbra email, Bitbucket, Amazon, GoDaddy, Register, Namecheap, Dropbox, Software, Rack".

The malware first reaches a victim's computer via phishing or infected USB devices.

Once on the machine, the malware runs its multi-stage payload only after several conditions are met, including checks for whether the infected computer has an antivirus or security suite installed, or is running in an analysis environment.

In addition to this, "The threat actors behind it strictly monitor all operations, and if the infection is not in Mexico or is otherwise not of interest, the malware is then uninstalled from the machine," the researchers said.

The Dark Tequila malware consists of 6 primary modules, as follows:

1. C&C - This module manages communication with the attackers' command-and-control (C&C) server. It is also responsible for checking for man-in-the-middle interception of its traffic, so that the malware is not exposed.

2. Clean up - If the malware detects any 'suspicious' activity (such as running in a virtual machine or under a debugging tool), it removes itself from the machine and wipes its forensic traces as it goes.

3. Keylogger - This module monitors the system and steals login data for a preloaded list of sites (both banking sites and other popular sites).

4. Information stealer - This module steals passwords from email and FTP clients, as well as passwords saved in the browser.

5. USB infector - This module copies itself onto removable drives and spreads to additional computers via USB.

6. Service watchdog - This module is responsible for ensuring that the malware keeps running properly.
