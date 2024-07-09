More Latin American financial organizations have been subjected to intrusions involving the Mekotio banking trojan, also known as Melcoz, aimed at banking credential exfiltration, The Hacker News reports.

Tax-themed phishing lures have been leveraged by attackers to deliver an MSI installer file that would then deploy Mekotio, which not only steals banking credentials via banking site-spoofing pop-ups but also enables keystroke logging, screenshot capturing, clipboard data theft, and host persistence via scheduled tasks, according to a report from Trend Micro. "The Mekotio banking trojan is a persistent and evolving threat to financial systems, especially in Latin American countries. It uses phishing emails to infiltrate systems, with the goal of stealing sensitive information while also maintaining a strong foothold on compromised machines," said Trend Micro. Such a development follows a report from Scitum detailing the emergence of the novel Red Mongoose Daemon banking trojan targeted at Brazil. "Red Mongoose Daemon has capabilities for manipulating and creating windows, executing commands, controlling the computer remotely, manipulating web browsers, hijacking clipboards, and impersonating Bitcoin wallets by replacing copied wallets with the ones used by cybercriminals," said the report.