ESET experts have warned of a surge in the activity of the Mekotio Trojan, aimed at stealing cryptocurrencies. Previously, the malware stole the victims’ bank details.
Once on the victim’s device, Mekotio monitors the sites visited in the browser. If the victim logs into any of the online banks of interest to the cybercriminals, the malware displays a fake login window. The credentials the user enters are sent to a remote server.
Mekotio can replace cryptocurrency wallet addresses. If the victim decides to transfer funds and pastes the wallet address from the clipboard, the Trojan changes the address of the recipient, and the funds are sent to the hacker.
The Trojan spreads through social engineering. Attackers send phishing emails with the sender disguised as a well-known organization or government agency.
The body of each message contains a malicious link; clicking it downloads a zip archive containing an .msi installer. If the victim unzips the archive and runs the installer, the Mekotio attack succeeds.
To protect against Trojan infection, ESET recommends that you do not download attachments from unknown senders, do not click on suspicious links, and update your software regularly.
As a reminder, in February, hackers modified the Cerberus Trojan, which intercepts one-time passwords from the Google Authenticator application.