Dark Tequila: A Distilled Threat for Mexican Targets
Researchers have been tracking an ongoing malicious campaign targeting victims in Mexico that uses a highly crafted tool built to steal financial information and login credentials for popular websites.
Researchers at Kaspersky Lab said today that the campaign, dubbed Dark Tequila, and its supporting infrastructure are unusually sophisticated, especially for a financial fraud operation. “A multi-stage payload is delivered to the victim only when certain conditions are met; avoiding infection when security suites are installed or the sample is being run in an analysis environment,” they said in a Tuesday post.
From the target list retrieved from the final payload, researchers were able to deduce that the campaign targets customers of several Mexican banking institutions. The payload's code contains embedded comments written in Spanish, using regional words spoken only in Latin America, they said.