Banking Trojan Mekotio Now Targets Cryptocurrencies

According to cyber-security firm ESET, the trojan Mekotio, which is known for stealing banking credentials, now directly targets cryptocurrencies.

Once downloaded on the victim’s device, Mekotio detects the user’s attempts to visit an online bank, replaces the login window with a fake one, and sends the input data to a remote server.

Now, Mekotio is able to replace crypto-wallet addresses. The trojan replaces the destination address with that of the hacker if the victim pastes the wallet number from the clipboard, instead of typing manually.

Usually, victims download the trojan during phishing attacks. Oftentimes, the sender poses as a renowned company or a government institution, with the message including a link that downloads a .zip archive with an .msi installer. Should the victim unarchive and install it, the attack is successful.

Infection scheme / Source: ESET

ESET recommends users to avoid downloading attachments from unknown senders, double-check links, and update their software on a regular basis.

Earlier today, forklog.media reported that Lazarus, a hacker group associated with North Korea, intensified its cyber-attacks to steal cryptocurrencies. The hackers have been releasing crypto-trading apps having an embedded trojan, namely, AppleJeus for macOS and Bluenoroff for Windows. Using the trojans, the hackers reportedly steal user access to crypto-wallets and exchanges.

Follow us on Twitter and Facebook and join our Telegram channel to know what’s up with crypto and why it’s important.