Potent Brazilian banking trojan resurfaces in South America, despite arrests that averted $4M theft

Nov 3, 2021 | CYBERSCOOP

Back in June, police in Spain arrested 16 people accused of being part of a gang laundering stolen money with the Mekotio and Grandoreiro banking trojans. The suspects in that arrest had already swiped more than $320,000, authorities said, but were on the verge of taking about $4 million before their arrests.

But that arrest wasn’t the end for the malware. In the last three months, Mekotio has again been used to actively target victims, a report published Wednesday by Check Point Research suggests, with more than 100 attacks detected in Brazil, Chile, Mexico, Spain and Peru that show new stealth and evasion techniques.

“Although the Spanish Civil Guard announced the arrest of 16 people involved with Mekotio distribution in July 2021, it appears the gang behind the malware is still active,” said Kobi Eisenkraft, the malware research and protection team leader at Check Point.

The research, written by Check Point’s Arie Olshtein and Abedalla Hadra, suggests new infection methods and obfuscation techniques such as a substitution cipher — one of the oldest encryption methods — which allows the malware to go undetected by most antivirus software. The latest

Read More: https://www.cyberscoop.com/mekotio-check-point-south-america-trojan/