
Big Banks Plagued By Dark Tequila Malware

Kaspersky Lab announced on Tuesday (Aug. 21) that it discovered a sophisticated cyber-operation named Dark Tequila, which has been targeting Mexicans for the past five years. Using malware, the hacker or hackers steal bank credentials and personal and corporate data.

According to a press release from Kaspersky, the malware is spread via infected USB devices, as well as through spear phishing emails that include features to evade detection. The security software company said the suspected actor behind Dark Tequila is thought to be Spanish-speaking and Latin American in origin. Kaspersky noted that the malware connected to Dark Tequila is "unusually sophisticated" for financial fraud operations.

"The threat is focused mainly on stealing financial information, but once inside a computer, it also siphons off credentials to other sites, including popular websites, harvesting business and personal email addresses, domain registers, file storage accounts and more, possibly to be sold or used in future operations," the company said. "Examples include Zimbra email clients and the websites for Bitbucket, Amazon, GoDaddy, Network Solutions, Dropbox, Rackspace and others."

The security firm noted that the malicious implant contains all the modules that are required for the operation, including a key logger and windows monitoring capability to capture login details and other personal information.

Kaspersky said Dark Tequila has been actively targeting Mexican users since at least 2013. The presence of Spanish words in the code and evidence of local knowledge suggest the threat actor is from Latin America.

“At first sight, Dark Tequila looks like any other banking Trojan, hunting information and credentials for financial gain. Deeper analysis, however, reveals a complexity of malware not often seen in financial threats,” said Dmitry Bestuzhev, head of Kaspersky's global research and analysis team in Latin America. “The code’s modular structure, as well as its obfuscation and detection mechanisms, help it to avoid discovery and deliver its malicious payload only when the malware decides it is safe to do so. This campaign has been active for several years, and new samples are still being found. To date, it has only attacked targets in Mexico, but its technical capability is suitable for attacking targets in any part of the world.”


