One sentence summary – A recent malware campaign targeting Latin America has been identified, distributing a new variant of the BBTok banking trojan that replicates the interfaces of over 40 Mexican and Brazilian banks, with the trojan’s main objective being to deceive victims into entering their two-factor authentication codes or payment card numbers, posing a significant danger to organizations and individuals in the region.
At a glance
- A recent malware campaign has been identified, targeting Latin America.
- The campaign is distributing a new variant of a banking trojan known as BBTok.
- BBTok is a Windows-based banking trojan that replicates the interfaces of over 40 Mexican and Brazilian banks.
- The trojan’s main objective is to deceive victims into entering their two-factor authentication (2FA) codes or payment card numbers.
- BBTok can perform various malicious activities, including killing processes, issuing remote commands, manipulating keyboards, and creating fake login pages.
The details
A recent malware campaign targeting Latin America has been identified. It distributes a new variant of BBTok, a Windows-based banking trojan that replicates the interfaces of over 40 Mexican and Brazilian banks. The trojan's main objective is to deceive victims into entering their two-factor authentication (2FA) codes or payment card numbers. Beyond that, BBTok can perform a range of malicious activities, including killing processes, issuing remote commands, manipulating the keyboard, and creating fake login pages.
The malware is delivered through phishing emails that employ various file types. Bogus links or ZIP file attachments are used to deploy the malware, and a decoy document is displayed to the victim during deployment. BBTok evades detection mechanisms such as the Antimalware Scan Interface (AMSI) and makes use of living-off-the-land binaries (LOLBins) and geofencing checks.
Since 2020 BBTok has improved its obfuscation and expanded its targeting beyond Mexican banks. The presence of Spanish and Portuguese in the source code and phishing emails suggests the attackers may be from Brazil, which is known as a hotspot for financially-focused malware, and the threat actors behind BBTok likely operate from there. It is estimated that over 150 users have been infected. BBTok remains actively deployed and poses a significant danger to both organizations and individuals in the Latin American region.
In addition to BBTok, Check Point has discovered a large-scale phishing campaign targeting companies in Colombia, intended to deploy the Remcos RAT for full control over infected computers.
This brief highlights the key facts about the ongoing malware campaign targeting Latin America and the distribution of the BBTok banking trojan: the trojan's replication of banking interfaces, its delivery through phishing emails, its evasion techniques, its expanding target base, and the possible attribution of the attackers. It also notes a separate phishing campaign deploying the Remcos RAT in Colombia. The article underscores the importance of remaining vigilant and implementing robust security measures to mitigate the risks posed by BBTok and similar threats in the region.
Article X-ray
Here are all the sources used to create this article:
This section links each of the article’s facts back to its original source.
If you have any suspicions that false information is present in the article, you can use this section to investigate where it came from.
thehackernews.com
- A malware campaign targeting Latin America is distributing a new variant of a banking trojan called BBTok.
- BBTok replicates the interfaces of over 40 Mexican and Brazilian banks to trick victims into entering their 2FA codes or payment card numbers.
- The malware is delivered through phishing emails that use various file types.
- BBTok is a Windows-based banking malware that can kill processes, issue remote commands, manipulate keyboards, and create fake login pages.
- The attack uses bogus links or ZIP file attachments to deploy the malware while displaying a decoy document to the victim.
- The malware evades detection mechanisms like Antimalware Scan Interface (AMSI) and uses living-off-the-land binaries (LOLBins) and geofencing checks.
- BBTok establishes connections with a remote server to simulate security verification pages for banks and harvest user credentials.
- The malware has improved its obfuscation and targeting since 2020 and now targets beyond Mexican banks.
- The presence of Spanish and Portuguese language in the source code and phishing emails suggests the attackers are from Brazil.
- Over 150 users are estimated to have been infected by BBTok.
- The threat actors likely operate out of Brazil, which is a hotspot for financially-focused malware.
- BBTok remains actively deployed and poses a danger to organizations and individuals in the region.
- Check Point also discovered a large-scale phishing campaign targeting companies in Colombia, aiming to deploy the Remcos RAT for full control over infected computers.