Tuesday, February 27, 2024
HomeCyber Security BlogsAutoHotKey used by Mekotio Trojan to Avoid Detection

AutoHotKey used by Mekotio Trojan to Avoid Detection

Mekotio is a Latin American banking trojan that is targeted at users mainly in Brazil, Mexico, Spain, Chile, Peru, and Portugal. This is persistent malware that is distributed via phishing emails and ensures persistence either by creating an LNK file in the startup folder or using a Run key. The malware has been used in phishing emails targeting Spanish users. Mekotio banking trojan has been discovered leveraging AutoHotKey (AHK) and AHK compiler to evade detection. 

The latest attack campaigns of the Trojan are focused on customers of banks in Latin America and Europe (France, Portugal, and Spain). It uses two separate emails as initial attack vectors, one One is a request to download a password-protected file and the other is a spoofed notification. In both spam emails, the malicious code is included in a .ZIP file that is downloaded to the victim’s computers.

The fraudulent emails consist of a legitimate AHK compiler executable, a malicious AHK script, and the Mekotio banking trojan itself. These files are extracted into a randomly named file saved in the local hard drive. A script then runs the AHK compiler to execute the AHK script, which loads Mekotio malware into the AHK compiler memory. The trojan will then operate from within the AHK compiler process via using a signed binary as a disguise to make detection more challenging for endpoint solutions to stay hidden. Hence experts have advised to be extremely alert while downloading files from unknown sources on the internet. In addition, always check for random new file folders created in the Windows Program Data directory.

 

Link: https://cyware.com/news/mekotio-tojan-is-using-autohotkey-to-avoid-detection-d9d237d4

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments

Izzi Казино онлайн казино казино x мобильді нұсқасы on Instagram and Facebook Video Download Made Easy with ssyoutube.com
Temporada 2022-2023 on CamPhish
2017 Grammy Outfits on Meesho Supplier Panel: Register Now!
React JS Training in Bangalore on Best Online Learning Platforms in India
DigiSec Technologies | Digital Marketing agency in Melbourne on Buy your favourite Mobile on EMI
亚洲A∨精品无码一区二区观看 on Restaurant Scheduling 101 For Better Business Performance

Write For Us