Banking Trojan Mekotio Now Targets Cryptocurrencies
According to cyber-security firm ESET, the trojan Mekotio, which is known for stealing banking credentials, now directly targets cryptocurrencies.
Once downloaded on the victim’s device, Mekotio detects the user’s attempts to visit an online bank, replaces the login window with a fake one, and sends the input data to a remote server.
Mekotio is now also able to replace crypto-wallet addresses. If the victim pastes the wallet address from the clipboard instead of typing it manually, the trojan replaces the destination address with that of the hacker.
Usually, victims download the trojan during phishing attacks. The sender often poses as a renowned company or a government institution, and the message includes a link that downloads a .zip archive containing an .msi installer. If the victim extracts the archive and runs the installer, the attack is successful.
Infection scheme / Source: ESET
ESET recommends that users avoid downloading attachments from unknown senders, double-check links, and update their software on a regular basis.
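The delivery chain described above (a .zip archive carrying an .msi installer) can be screened for at a mail gateway or download proxy. The following Python check is an added example, not code from ESET or this article; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

# OLE2 compound-file signature; Windows Installer (.msi) packages use this container.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
INSTALLER_EXTS = (".msi",)


def find_installers(zip_bytes, max_members=1000):
    """Return [(member_name, reason)] for archive members that look like MSI installers."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [("<archive>", "not a readable zip")]
    with archive:
        for info in archive.infolist()[:max_members]:
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:
                # Encrypted members cannot be inspected, so report them for review.
                findings.append((info.filename, "encrypted member"))
                continue
            with archive.open(info) as member:
                header = member.read(len(OLE2_MAGIC))
            by_name = info.filename.lower().endswith(INSTALLER_EXTS)
            by_magic = header == OLE2_MAGIC
            if by_name and by_magic:
                findings.append((info.filename, "msi installer"))
            elif by_magic:
                findings.append((info.filename, "OLE2 content, possible renamed installer"))
            elif by_name:
                findings.append((info.filename, ".msi name without OLE2 header"))
    return findings


def build_sample_zip():
    """Constructed sample archive; the 'installers' are only the signature plus padding."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("sample/readme.txt", "constructed sample text")
        z.writestr("sample/setup.msi", OLE2_MAGIC + b"\x00" * 64)
        z.writestr("sample/notes.dat", OLE2_MAGIC + b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in find_installers(build_sample_zip()):
        print(f"{name}: {reason}")
```

Legacy Office formats share the OLE2 signature, so a signature-only hit is a prompt for further inspection rather than proof of an installer.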
Earlier today, forklog.media reported that Lazarus, a hacker group associated with North Korea, intensified its cyber-attacks to steal cryptocurrencies. The hackers have been releasing crypto-trading apps with an embedded trojan, namely AppleJeus for macOS and Bluenoroff for Windows. Using the trojans, the hackers reportedly steal user access to crypto-wallets and exchanges.