Dark Tequila, the malware that steals bank accounts from users in Mexico

A sophisticated malicious computer operation has been targeting users in Mexico for at least 5 years with the goal of stealing their bank card details and their personal and business data, using a malware called Dark Tequila that can spread even when users are not connected to the Internet.

This is the finding of a security report by the Russian company Kaspersky Lab, which states that the malware is spread via USB devices and phishing campaigns and includes functions for detecting security software. Researchers have also collected evidence suggesting that the author behind Dark Tequila speaks Spanish and comes from Latin America.

The report notes that the malware and its supporting infrastructure are unusually advanced, at least for threats against the financial sector. The threat is mainly aimed at stealing banking information, but once on the computer it is also able to steal login credentials for other websites, personal and business email accounts, file storage accounts and even domain accounts.

Specifically, Dark Tequila can harvest user credentials for services such as Bitbucket, Amazon, GoDaddy, Dropbox, RackSpace and Network Solutions. The malware operates in several stages and is distributed to users via infected USB devices and phishing emails. Once on the computer, Dark Tequila communicates with its command and control server to receive instructions.

The attack process requires only a few technical preconditions on the network. When Dark Tequila detects antivirus software, additional network monitoring, or signs that it is running in a virtual environment used for malware analysis, it simply aborts the attack and removes itself from the system.

If the malware does not detect any of these security measures, it activates the local attack and copies an executable file to an external (USB) storage device so that it starts automatically. This lets the malware propagate offline through the affected user's network even if only a single device was compromised by the phishing campaign.
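As an added illustration for defenders, and not code from Kaspersky's report or from the article, the following Python rule shows one way to spot the propagation behaviour described above in endpoint telemetry: it flags an executable being written to a removable drive and raises the severity when the same process also writes an `autorun.inf` to that drive shortly before or after. The simplified log format, the drive letters treated as removable, the sample events and the `autorun.inf` pairing are all assumptions made for this example; the article does not state which autostart mechanism Dark Tequila uses.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events in a simplified "file create" log format. Assumption:
# real EDR or Sysmon file-creation telemetry would be mapped into these fields first.
SAMPLE_LOG = """\
2018-08-21T10:02:11 pid=4120 image=C:\\Users\\ana\\AppData\\Local\\Temp\\upd.exe op=create path=E:\\System Volume Information\\update.exe
2018-08-21T10:02:12 pid=4120 image=C:\\Users\\ana\\AppData\\Local\\Temp\\upd.exe op=create path=E:\\autorun.inf
2018-08-21T10:05:40 pid=2200 image=C:\\Windows\\explorer.exe op=create path=E:\\informe_q3.xlsx
2018-08-21T10:06:01 pid=2200 image=C:\\Windows\\explorer.exe op=create path=C:\\Users\\ana\\Documents\\tool.exe
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>.+?) op=(?P<op>\w+) path=(?P<path>.+)$"
)

# File types that Windows will run directly (assumed list for the example).
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}


def parse_event(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["pid"] = int(ev["pid"])
    return ev


def drive_of(path):
    """Return the drive letter prefix ('E:') of a Windows path, or '' if there is none."""
    return path[:2].upper() if len(path) >= 2 and path[1] == ":" else ""


def is_executable(path):
    return ntpath.splitext(path)[1].lower() in EXEC_EXTENSIONS


def detect_removable_exec_writes(log_text, removable_drives, window_seconds=60):
    """Return alerts for executables written to removable drives.

    Severity is 'high' when the same process also created an autorun.inf on the
    same drive within window_seconds, otherwise 'medium'.
    """
    events = [
        e for e in (parse_event(line) for line in log_text.splitlines())
        if e and e["op"] == "create"
    ]
    # Group writes by (process, drive) so the autorun.inf pairing is per writer.
    per_writer = defaultdict(list)
    for ev in events:
        drive = drive_of(ev["path"])
        if drive in removable_drives:
            per_writer[(ev["pid"], drive)].append(ev)

    alerts = []
    for (pid, drive), evs in per_writer.items():
        autorun_times = [
            e["ts"] for e in evs if ntpath.basename(e["path"]).lower() == "autorun.inf"
        ]
        for ev in evs:
            if not is_executable(ev["path"]):
                continue
            paired = any(
                abs((t - ev["ts"]).total_seconds()) <= window_seconds for t in autorun_times
            )
            alerts.append({
                "pid": pid,
                "drive": drive,
                "image": ev["image"],
                "path": ev["path"],
                "severity": "high" if paired else "medium",
            })
    return alerts


if __name__ == "__main__":
    # Assumption: drive E: is known to be removable from the host's device inventory.
    for alert in detect_removable_exec_writes(SAMPLE_LOG, {"E:"}):
        print(alert)
```

On the constructed sample, only the write of `update.exe` by process 4120 is reported, with severity `high` because the same process wrote `autorun.inf` one second later; Explorer copying a spreadsheet to the same drive, and an executable landing on the local `C:` drive, produce no alert. A real deployment would take the removable-drive set from the host's device inventory rather than a hard-coded list.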

Dark Tequila has been in operation since 2013 and its main goal is to reach users in Mexico. According to Kaspersky, the Spanish words in the code and the evident familiarity with the region indicate that the attacker behind this malware is located in Latin America.