More than 40 banks in Mexico and Brazil have been subjected to a new malware campaign involving a new variant of the BBTok banking trojan meant to exfiltrate data for hijacking online bank accounts, according to The Hacker News.
Attackers have leveraged fraudulent links and ZIP attachments to facilitate the deployment of the new BBTok variant while bypassing security systems through living-off-the-land binaries and geofencing monitoring, a Check Point report revealed. Impersonation of banks' interfaces is then performed by the trojan to enable credential and authentication data collection, which it would later utilize for online bank account takeovers, according to the report, which noted that the malware has already infected over 150 users.
"Although BBTok has been able to remain under the radar due to its elusive techniques and targeting victims only in Mexico and Brazil, it's evident that it is still actively deployed. Due to its many capabilities, and its unique and creative delivery method involving LNK files, SMB, and MSBuild, it still poses a danger to organizations and individuals in the region," said researchers.
