{"id":9407,"date":"2020-07-23T20:13:08","date_gmt":"2020-07-23T17:13:08","guid":{"rendered":"https:\/\/forklog.media\/?p=9407"},"modified":"2020-07-24T01:52:24","modified_gmt":"2020-07-23T22:52:24","slug":"banking-trojan-mekotio-now-targets-cryptocurrencies","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/banking-trojan-mekotio-now-targets-cryptocurrencies\/","title":{"rendered":"Banking Trojan Mekotio Now Targets Cryptocurrencies"},"content":{"rendered":"<p>According to cyber-security firm ESET, the trojan Mekotio, which is known for stealing banking credentials, now directly targets cryptocurrencies.<\/p>\n<p><!--more--><\/p>\n<p>Once downloaded on the victim\u2019s device, Mekotio detects the user\u2019s attempts to visit an online bank, replaces the login window with a fake one, and sends the input data to a remote server.<\/p>\n<p>Mekotio can now also replace crypto-wallet addresses. If the victim pastes a wallet address from the clipboard instead of typing it manually, the trojan replaces the destination address with that of the hacker.<\/p>\n<p>Usually, victims download the trojan during phishing attacks. Often, the sender poses as a renowned company or a government institution, and the message includes a link that downloads a .zip archive with an .msi installer.
If the victim extracts the archive and runs the installer, the attack succeeds.<\/p>\n<p><a href=\"https:\/\/forklog.com\/en\/wp-content\/uploads\/2020\/07\/image2-146.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-9409 size-large\" src=\"https:\/\/forklog.com\/en\/wp-content\/uploads\/2020\/07\/image2-146-1024x356.png\" alt=\"Banking Trojan Mekotio Now Targets Cryptocurrencies\" width=\"1024\" height=\"356\" srcset=\"https:\/\/forklog.com\/en\/wp-content\/uploads\/2020\/07\/image2-146-1024x356.png 1024w, https:\/\/forklog.com\/en\/wp-content\/uploads\/2020\/07\/image2-146-300x104.png 300w, https:\/\/forklog.com\/en\/wp-content\/uploads\/2020\/07\/image2-146-768x267.png 768w, https:\/\/forklog.com\/en\/wp-content\/uploads\/2020\/07\/image2-146-470x163.png 470w, https:\/\/forklog.com\/en\/wp-content\/uploads\/2020\/07\/image2-146.png 1110w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/p>\n<p style=\"text-align: center;\"><em>Infection scheme \/ Source: <a href=\"https:\/\/www.welivesecurity.com\/br\/2020\/07\/15\/mekotio-trojan-rouba-dados-de-acesso-em-servicos-home-banking\/\">ESET<\/a><\/em><\/p>\n<p>ESET recommends that users avoid downloading attachments from unknown senders, double-check links, and update their software regularly.<\/p>\n<p>Earlier today, forklog.media <a href=\"https:\/\/forklog.com\/en\/north-korean-hackers-create-crypto-trading-apps-to-steal-cryptocurrencies\/\">reported<\/a> that Lazarus, a hacker group associated with North Korea, intensified its cyber-attacks to steal cryptocurrencies. The hackers have been releasing crypto-trading apps with an embedded trojan, namely AppleJeus for macOS and Bluenoroff for Windows.
Using the trojans, the hackers reportedly steal user access to crypto-wallets and exchanges.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to cyber-security firm ESET, the trojan Mekotio, which is known for stealing banking credentials, now directly targets cryptocurrencies.<\/p>\n","protected":false},"author":8,"featured_media":9391,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"human_written","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[100],"class_list":["post-9407","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-malware"],"aioseo_notices":[],"amp_enabled":true,"views":"927","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9407","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=9407"}],"version-history":[{"count":5,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9407\/revisions"}],"predecessor-version":[{"id":9421,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9407\/revisions\/9421"}],"wp:featuredmedia":[{"embedd
able":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/9391"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=9407"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=9407"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=9407"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}