
‘Dark Tequila’ scam steals bank details in Latin America since 2013


Researchers at Kaspersky Lab found that the scam known as "Dark Tequila" has been claiming victims since at least 2013. The attack steals bank credentials and personal data using complex malware, which reaches the victim's computer through spear phishing or through infected USB devices such as a USB stick. In the latter case, the target does not need to have access to the Internet.


The name refers to Mexico, the country where the attack has claimed its victims. It is unknown whether the author of Dark Tequila is Mexican, but Kaspersky researchers believe the author is a Latin American, Spanish-speaking person or group. The discovery was presented last Tuesday (14), during the Conference of Security Analysts for Latin America, held in Panama City.


The malicious code has an unusually sophisticated infrastructure for a financial fraud operation, and has special capabilities to avoid detection. If it identifies the presence of an antivirus, a sandbox or any other installed security solution, the payload (the part of the malware that actually performs the harmful action) is not delivered to the machine. The malware then cancels the infection routine and deletes itself from the system.

On the other hand, if the machine is unprotected, the code copies an executable file to the removable drive so that it runs automatically. That is how Dark Tequila spreads across the network without relying on an Internet connection: once the USB device is plugged into another PC, that PC is infected as well.

Another atypical feature of Dark Tequila is that it doesn't just steal bank details. Once on the computer, it also extracts login credentials for popular websites, personal and business email addresses, cloud file storage accounts, and so on. Among the services listed are Amazon, Dropbox and GoDaddy. The researchers believe that this data is likely to be sold or used in future fraudulent actions.

Although the attacks have been carried out exclusively in Mexico for the time being, Brazilians should be careful. According to the head of Kaspersky Lab's global research and analysis team for Latin America, Dmitry Bestuzhev, Dark Tequila's technical capacity is sufficient to hit targets anywhere in the world. In addition, it is worth remembering that Brazil is the leader in digital scams in Latin America.

To protect yourself, it is essential to have a good antivirus installed on the machine. Kaspersky recommends performing an antivirus scan of all email attachments and USB drives before opening them. It is also advisable to disable the automatic execution of USB devices, to avoid connecting USB sticks or other unknown devices to the computer, and to install specific security solutions against financial threats.
