A big thanks to Kaspersky Lab: the long menace of a keylogger malware has finally come to a halt in Mexico! The malware was named “Dark Tequila” and haunted Mexican banks for almost 5 years!
Dark Tequila is so highly evolved in the art of deception that it stayed off the radar of cyber security officials for 5 years. Targeting banks and financial institutions, it sneaked into the login credentials of a large number of unsuspecting users. The point of origination is the US, and the malware is keylogger-based!
Every single keystroke was tracked by this nasty malware!
The distribution methods used to spread this pernicious infection are not new. Let us take a look at these distribution tactics:
In the case of Dark Tequila, the campaign involved delivering spoofed emails to financial institutions in order to gain unauthorized access to sensitive information. Just like a regular phishing expedition, spear phishing involves deceiving users by delivering emails that masquerade as coming from trusted authorities.
The malicious program is embedded in a spam email attachment that makes use of macros, a feature of the MS Office suite that helps automate routine tasks. Macros are disabled by default in Microsoft Word, Excel, and PowerPoint files. If an email attachment asks you to enable macros, be cautious: enabling them may result in the execution of a malicious script that infects your system with Dark Tequila.
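A mail gateway or triage script can look for macros inside Office attachments rather than relying on the user's caution. The following is an added example, not part of the original article: the verdict labels, function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".xlam", ".pptm")

def classify_attachment(name, data):
    """Return a triage verdict for one attachment (labels are this example's own)."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary format: macros are possible; confirm with an OLE parser.
        return "legacy-ole-review"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # OOXML files keep their VBA project in a part named vbaProject.bin.
            if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                return "macro-present"
    if (name or "").lower().endswith(MACRO_EXTS):
        return "macro-extension"
    return "clean"

def scan_message(raw):
    """Map each attachment filename in a raw RFC 5322 message to its verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): classify_attachment(
                part.get_filename(), part.get_payload(decode=True) or b"")
            for part in msg.iter_attachments()}

def build_sample():
    """Constructed message; attachment contents are inert placeholders."""
    def ooxml(parts):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for p in parts:
                zf.writestr(p, b"placeholder")
        return buf.getvalue()
    msg = EmailMessage()
    msg.set_content("See attached.")
    for fname, data in [
        ("statement.docm", ooxml(["word/document.xml", "word/vbaProject.bin"])),
        ("notes.docx", ooxml(["word/document.xml"])),
        ("report.xls", OLE_MAGIC + b"\x00" * 32),
    ]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

The check inspects file contents first, so a macro-bearing document is flagged even when its extension has been changed.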
Here is the modus operandi of the malware!
Like any other malware, Dark Tequila is controlled by an external server (commonly known as C&C), which makes sure that no MITM (man-in-the-middle) guard is in place protecting the targeted system. Before the final attack, it performs a couple of dry runs to eliminate any possibility of errors! If the malware encounters an unfavorable environment that puts its survival in question, it cleans up its traces and postpones the attack.
After a successful infiltration, it runs a keylogging routine in the background of the OS. To avoid detection, these keyloggers work in offline mode! Apart from this, it also targets important security files that hold sensitive user information. To transfer the collected information and the infection, it relies on an active internet connection as well as a USB drive! There are extra services just to ensure that Dark Tequila functions smoothly without being monitored!
The number of victims is still not confirmed!