This study focuses on the banking Trojan Mekotio, which is designed to attack users of banking or cryptocurrency services. Since it was first detected in Spain in March 2018, its code and functionality have been developed and adapted, always keeping the financial market as the main target, and a high-impact malware distribution campaign has been under way in Spain since the beginning of 2021.
This analysis also includes an IOC rule and a YARA rule to help detect samples belonging to the Mekotio family.
The technical report includes:
- General information.
- Summary of actions.
- Detailed analysis.
- Anti-detection and anti-reverse engineering techniques.