ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool Mekotio

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Mekotio

NamesMekotio
Metamorfo
Casbaneiro
CategoryMalware
TypeBanking trojan, Reconnaissance, Backdoor, Keylogger, Info stealer, Credential stealer
Description(ESET) As is common for most Latin American banking trojans, Mekotio has several typical backdoor capabilities. It can take screenshots, manipulate windows, simulate mouse and keyboard actions, restart the machine, restrict access to various banking websites and update itself. Some variants are also able to steal bitcoins by replacing a bitcoin wallet in the clipboard and to exfiltrate credentials stored by the Google Chrome browser. Interestingly, one command is apparently intended to cripple the victim’s machine by trying to remove all files and folders in C:\Windows tree.
Information<https://www.welivesecurity.com/2020/08/13/mekotio-these-arent-the-security-updates-youre-looking-for/>
<https://cofense.com/blog/autohotkey-banking-trojan/>
<https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/rooty-dolphin-uses-mekotio-to-target-bank-clients-in-south-america-and-europe/>
<https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.mekotio>

Last change to this tool card: 24 April 2021

Download this tool card in JSON format

All groups using tool Mekotio

ChangedNameCountryObserved

Unknown groups

 _[ Interesting malware not linked to an actor yet ]_ 

1 group listed (0 APT, 0 other, 1 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key