Security researchers at Kaspersky Lab have uncovered a new, complex malware campaign that has been targeting customers of several Mexican banking institutions since at least 2013.
Dubbed Dark Tequila, the campaign delivers advanced keylogger malware that managed to stay under the radar for five years thanks to its highly targeted nature and a few evasion techniques.
Dark Tequila has primarily been designed to steal victims’ financial information from a long list of online banking sites, as well as login credentials to popular websites, ranging from code versioning repositories to public file storage accounts and domain registrars.
The list of targeted sites includes “Cpanels, Plesk, online flight reservation systems, Microsoft Office 365, IBM Lotus Notes clients, Zimbra email, Bitbucket, Amazon, GoDaddy, Register, Namecheap, Dropbox, Softlayer, Rackspace, and other services,” the researchers say in a blog post.
The malware initially reaches victims’ computers via either spear-phishing or infected USB devices.
Once executed, a multi-stage payload infects the victim’s computer only after certain conditions are met, which include checking whether the computer has any antivirus or security suite installed or is running in an analysis environment.
Besides this, “the threat actor behind it strictly monitors and controls all operations. If there is a casual infection, which is not in Mexico or is not of interest, the malware is uninstalled remotely from the victim’s machine,” the researchers say.
The Dark Tequila malware basically includes 6 primary modules, as follows:
According to the researchers, the Dark Tequila campaign is still active and can be deployed in any part of the world to attack any target “according to the interests of the threat actor behind it.”
To protect yourself, stay vigilant for suspicious emails and keep a good antivirus solution running to guard against such threats before they infect you or your network.
Most importantly, avoid connecting untrusted removable and USB devices to your computer, and consider disabling auto-run on USB devices.
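One way to act on the auto-run advice, as an added example that is not part of the original article or Kaspersky's report: assuming a Windows host, this PowerShell script audits the two machine-wide Explorer policy values that control AutoRun and, when run with the hypothetical `-Enforce` switch, sets them so that no drive type, USB storage included, can auto-run.

```powershell
# Added example (not from the article): audit, and optionally enforce, the
# machine-wide policy that disables AutoRun. Enforcing needs an elevated prompt.
param([switch]$Enforce)

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Desired state for the two policy values.
$Desired = [ordered]@{
    NoDriveTypeAutoRun = 0xFF  # bitmask covering every drive type, USB included
    NoAutorun          = 1     # never execute commands from autorun.inf
}

function Get-AutoRunFinding {
    # One row per value: what is set now, what it should be, whether they match.
    foreach ($name in $Desired.Keys) {
        $item = Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue
        $current = if ($item) { $item.$name } else { $null }
        [pscustomobject]@{
            Value     = $name
            Current   = $current
            Expected  = $Desired[$name]
            Compliant = ($current -eq $Desired[$name])
        }
    }
}

function Set-AutoRunPolicy {
    # Create the policy key if it is missing, then write both DWORD values.
    if (-not (Test-Path -Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    foreach ($name in $Desired.Keys) {
        New-ItemProperty -Path $PolicyKey -Name $name -Value $Desired[$name] `
            -PropertyType DWord -Force | Out-Null
    }
}

$findings = @(Get-AutoRunFinding)
$findings | Format-Table -AutoSize

if ($findings.Compliant -contains $false) {
    if ($Enforce) {
        Set-AutoRunPolicy
        Get-AutoRunFinding | Format-Table -AutoSize   # show the state after the change
    } else {
        Write-Warning 'AutoRun is not fully disabled. Re-run with -Enforce from an elevated prompt.'
    }
}
```

On domain-joined machines these values are normally managed through Group Policy, which overrides a local change.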