Banking Trojan Mekotio Not Only Steals Cryptocurrency
Information security company ESET has revealed details about the operation of the Mekotio banking trojan.
Earlier it was reported that this malware is capable of stealing cryptocurrency from users. It is now known that Mekotio is also capable of performing typical backdoor functions. These include taking screenshots, rebooting infected devices, restricting access to real banking sites, and stealing credentials from Google Chrome.
Mekotio can access the user's system settings, information about the Windows operating system, the firewall configuration, and a list of installed antivirus solutions. With one of the commands, Mekotio attempts to destroy all files on the device by deleting all files and folders from the C:\Windows tree.
The Trojan disguises itself as an update required to ensure the security of the device. Mekotio is mainly distributed via spam. Most often, the distribution chain includes several stages and ends with the download of a malicious ZIP archive.
Experts note that Mekotio is constantly being improved: its developers keep introducing new ways to hide from detection, which makes the Trojan more and more dangerous.