Security researchers at Kaspersky Lab recently uncovered a sophisticated cybercrime outfit called Dark Tequila, which targets banking customers in Mexico and other Latin American nations. It is making headlines now because the operation had gone undetected since 2013, despite all the antivirus vendors and platforms of sophisticated technologies deployed to protect every endpoint and server.
Kaspersky believes Dark Tequila has been active since 2013, primarily in Mexico. The outfit’s main weapon is an advanced malware program, which the Russian security firm described as “unusually sophisticated” based on its malware analysis and research findings. Based on the company’s analysis of the code through malware analysis and reverse engineering (MARE), it believes the developer is Spanish-speaking and Latin American in origin.
At its core, the malware program is designed to gather data on its victims: banking credentials and personal or corporate data. The primary methods of transmission are spear phishing and infected USB flash drives. The latter is an extremely effective propagation method for several reasons: people are intrinsically curious, appreciate a freebie, and aren’t sufficiently aware of the risks of using untrusted USB flash drives.
Once the malware is on the user’s computer, it connects to a remote command-and-control server, and downloads a payload. This only happens if the malware believes it’s on a genuine victim’s computer, and not, for example, in a quarantined analysis environment.
The Dark Tequila malware contains a keylogger and a network monitoring tool and, crucially, is able to self-propagate. This means that should the victim insert a USB flash drive into their computer, the malware will clone itself onto it, ready to infect a new person. This, incidentally, is how the Stuxnet virus was believed to have spread.
Now that the headlines have been made, everyone can expect their antivirus program to be able to detect and block it. Obviously, corporate policies such as disabling auto-run on USB devices and not connecting unknown devices and USB sticks to your computer remain effective and should be implemented as well.
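The two controls above (USB self-propagation and the auto-run policy) can be checked with a small audit script. The following is an added defender-side example, not code from the article or from E-SPIN. It assumes the USB drive is mounted at a path you pass on the command line and that a USB-borne infection would leave a launcher in the drive root (an autorun.inf entry, an executable, or a .lnk posing as a folder); the write-up does not describe Dark Tequila’s exact USB mechanism, so the sample drive built by make_sample_drive() is constructed purely for illustration. The NoDriveTypeAutoRun policy value it reads is the real Windows registry setting that disables AutoRun per drive type.

```python
"""Audit a mounted USB drive for autorun launchers and root-level executables.

Added example (not from the article or from E-SPIN). Assumes the drive is
mounted at the path given; the sample drive layout is constructed for
illustration only.
"""
import os
import sys
import tempfile

# File types Windows executes directly when launched from a drive root.
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}


def parse_autorun_inf(text):
    """Return {key: value} for the [autorun] section; keys are lower-cased."""
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def audit_removable_drive(mount_path):
    """Return a sorted list of findings for the files in the drive root."""
    findings = []
    inf_path = os.path.join(mount_path, "autorun.inf")
    if os.path.isfile(inf_path):
        with open(inf_path, encoding="utf-8", errors="replace") as fh:
            entries = parse_autorun_inf(fh.read())
        for key, value in entries.items():
            # open=, shellexecute= and shell\<verb>\command= all launch a program.
            if key in ("open", "shellexecute") or key.startswith("shell\\"):
                findings.append(f"autorun.inf launcher: {key}={value}")
    for name in os.listdir(mount_path):
        full = os.path.join(mount_path, name)
        if os.path.isfile(full) and os.path.splitext(name)[1].lower() in EXEC_EXTENSIONS:
            findings.append(f"executable in drive root: {name}")
    return sorted(findings)


def autorun_policy_status():
    """On Windows, read the machine-wide NoDriveTypeAutoRun policy; None elsewhere.

    Bit 0x04 of the value covers removable drives; 0xFF disables AutoRun for all.
    """
    if sys.platform != "win32":
        return None
    import winreg  # Windows-only module
    key_path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
            value, _ = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")
    except FileNotFoundError:
        return {"value": None, "removable_disabled": None}  # policy not set
    return {"value": value, "removable_disabled": bool(value & 0x04)}


def make_sample_drive(root):
    """Write a constructed example drive layout into root (illustration only)."""
    with open(os.path.join(root, "autorun.inf"), "w", encoding="utf-8") as fh:
        fh.write("[autorun]\nopen=setup.exe\nicon=setup.exe,0\nlabel=Photos\n")
    for name in ("setup.exe", "Photos.lnk", "readme.txt"):
        open(os.path.join(root, name), "w").close()
    return root


def demo():
    """Build the constructed sample drive in a temp dir and audit it."""
    return audit_removable_drive(make_sample_drive(tempfile.mkdtemp(prefix="usb_audit_")))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    for finding in (audit_removable_drive(target) if target else demo()):
        print(finding)
    print("AutoRun policy:", autorun_policy_status())
```

Run it as `python usb_audit.py E:\` (or a Linux mount point) to list launchers on a stick before anyone double-clicks on it. Since Windows 7 AutoRun is no longer honoured for USB sticks, so the root-level executable and .lnk check catches more in practice than the autorun.inf check; setting NoDriveTypeAutoRun to 0xFF through Group Policy is still the belt-and-braces control the article recommends.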
A malware analysis and reverse engineering (MARE) program that allows you to perform sandboxing and malware analysis/research will be helpful as well. In particular, as this case shows, the malware was detected only after five years. Corporations that implement malware analysis and research, or that sample from time to time from different segments of the corporate network and analyse anything unusual or suspect for malware and viruses, will have a proactive solution that addresses the issue in a fundamentally right manner.
For the enterprise cyber red team that requires proactive ethical hacking of its own infrastructure, systems and applications, and testing of the social engineering aspects that could allow a break-in, E-SPIN carries a full range of exploitation and penetration testing solutions that can cater for that need.
Talk with E-SPIN for assistance with any malware analysis and reverse engineering (MARE), as well as end-to-end network, server, endpoint and mobile device malware and antivirus protection against the latest threats and challenges.