Mekotio is a banking trojan that mostly targets victims in Brazil, Chile, Mexico, Spain, Peru, and Portugal. The most striking characteristic of the latest variants of this malware family is their use of a SQL database as a C&C server.
Mekotio has been active since at least 2015. It attacks by displaying pop-up windows to its victims in an attempt to lure them into providing sensitive information; these windows are tailored to Latin American banks and other financial organizations.
After several members of the group behind the Mekotio Latin American banking trojan were arrested in Spain, the trojan is making a comeback. In recent weeks, more than 100 attacks have used a new infection routine, showing that the group is still aggressively retooling.
The new campaign began right after the Spanish Civil Guard announced the arrest of 16 people involved in distributing Mekotio (also known as Metamorfo) in July. It appears that the gang behind the malware was able to regroup quickly and change tactics to avoid detection.
The updated Mekotio infection vector has “unprecedented aspects” to keep detection rates low, like a stealthier batch file with at