Latin America’s Banking Sector Under Siege: Mekotio and BBTok Threat Escalates
Latin America is experiencing a sharp rise in phishing attacks linked to the distribution of dangerous banking trojans Mekotio and BBTok. These malicious programs are designed to steal banking credentials and execute unauthorized financial transactions.
Analysis of recent attacks, conducted by Trend Micro researchers, reveals that cybercriminals are expanding their targets, employing new tricks to infiltrate victims’ systems. They predominantly rely on phishing emails disguised as notifications about business transactions or court summonses.
Cybercriminals skillfully exploit fear and trust. For instance, emails alleging traffic violations prompt users to act hastily, leading them to click on links that direct them to malicious sites.
According to research from August 2024, manufacturing companies have become the most frequent victims of such attacks, accounting for 26% of all recorded incidents. They are followed by retail companies (18%), tech enterprises (16%), and the financial sector (8%).
Mekotio, known since 2018, has been expanding its geographic reach, targeting not only Latin America but also several Southern European countries. The malware is distributed via phishing emails with attached files and employs obfuscation techniques to evade antivirus detection.
BBTok, first detected in 2020, also spreads through phishing emails, but its primary weapon is ZIP and ISO files containing malicious scripts. In recent campaigns, attackers have been using “MSBuild.exe” — a legitimate Windows tool — to bypass security defenses.
The new version of Mekotio exhibits unusual behavior: the malware is no longer confined to specific countries, indicating the attackers’ intent to expand beyond Latin America.
By leveraging legitimate programs and utilities like “MSBuild.exe,” BBTok can infiltrate systems undetected and steal sensitive data. During the attack, the malware establishes persistence by creating an autorun registry entry, ensuring it activates each time the computer is powered on.
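The two behaviors described above (MSBuild.exe used as a launcher, and an autorun registry entry written for persistence) can be hunted in endpoint telemetry. The following is an added example, not code from Trend Micro or from the article: the event fields mimic Sysmon process-creation (ID 1) and registry-value-set (ID 13) records, and the sample events, the trusted-parent list and the alert labels are all assumptions constructed for illustration.

```python
import ntpath

# Assumption: parents expected to start MSBuild in this environment; tune locally.
TRUSTED_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe"}
# Per-user and machine-wide Run/RunOnce keys all contain this path fragment.
RUN_KEY = r"\microsoft\windows\currentversion\run"
MSBUILD = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"

# Constructed sample events (not real telemetry and not indicators from any campaign).
SAMPLE_EVENTS = [
    {"id": 1, "image": MSBUILD,
     "parent": r"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe"},
    {"id": 1, "image": MSBUILD,
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"id": 13, "image": MSBUILD,
     "target": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\ExampleEntry"},
    {"id": 13, "image": r"C:\Windows\System32\svchost.exe",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\Example\Start"},
    {"id": 13, "image": r"C:\Program Files\ExampleApp\setup.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExampleApp"},
]

def exe_name(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()

def detect(events):
    """Return (event_index, label) pairs for events worth an analyst's attention."""
    alerts = []
    for i, ev in enumerate(events):
        if ev["id"] == 1 and exe_name(ev["image"]) == "msbuild.exe":
            # A build tool started by something other than a build workflow.
            if exe_name(ev["parent"]) not in TRUSTED_PARENTS:
                alerts.append((i, "msbuild-unusual-parent"))
        elif ev["id"] == 13 and RUN_KEY in ev["target"].lower():
            # Autorun writes are common; one made by MSBuild itself is not.
            if exe_name(ev["image"]) == "msbuild.exe":
                alerts.append((i, "autorun-set-by-msbuild"))
            else:
                alerts.append((i, "autorun-value-set"))
    return alerts

if __name__ == "__main__":
    for index, label in detect(SAMPLE_EVENTS):
        print(index, label)
```

Plain autorun writes by installers are routine, so the lower-priority label is meant for baselining rather than paging an analyst.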
All of this underscores the need to strengthen cybersecurity measures to defend against such sophisticated attacks. Experts recommend implementing early threat detection systems, regularly updating security protocols, and conducting employee training to identify phishing attempts. Timely protection and vigilance can minimize risk and safeguard financial systems from compromise.