BlackBerry, once a dominant mobile phone maker and now a security software vendor, has uncovered a cyber attack campaign targeting Mexican cryptocurrency exchanges and banks.
The warning comes from BlackBerry's Research and Intelligence team, which describes a financially motivated attacker.
The attacker is targeting large Mexican banks and cryptocurrency trading platforms, and through them the customers whose accounts they hold.
In a detailed report, BlackBerry lays out the attack chain, whose goal is to steal sensitive user information from banks and cryptocurrency trading platforms.
The attacker's tool of choice is AllaKore RAT, an open-source remote access tool.
The malware reaches company-owned computers through lures dressed up with official-looking naming conventions and links, so the employees who open them have little reason to be suspicious.
The report also highlights how heavily the AllaKore RAT payload has been modified: the operators can send stolen banking credentials and unique authentication data to a command-and-control (C2) server.
That stolen information is then used to commit financial fraud.
Notably, the attackers appear to have a predilection for large companies with gross revenues exceeding $100 million, which typically report directly to the Mexican Social Security Institute (IMSS), according to Blackberry’s findings.
Most of the activity traces back to Mexican Starlink IP addresses.
Additionally, the use of Spanish-language instructions within the modified RAT payload led Blackberry to conclude that the threat actors are likely based in Latin America.
The latest AllaKore RAT versions use a more elaborate installation process. They are delivered inside a Microsoft Software Installer (MSI) file, and the payload only runs once a check confirms that the victim is located in Mexico, so a sandbox or analyst outside the country sees no payload at all.
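One way a defender can hunt for this kind of geofenced installer is to look for processes launched by msiexec.exe whose very first outbound connection is an IP-geolocation lookup, since the location check has to run before anything else. The script below is an added example and is not code from BlackBerry's report or from the page; the simplified Sysmon-style event format, the list of geolocation services (GEOIP_HOSTS), and the sample log lines are all assumptions and constructed data, and the page does not say which mechanism this campaign actually uses to determine the victim's location.

```python
"""Hunting heuristic for geofenced installers.

This is an added example, not code from BlackBerry's report or the page.
Assumptions: a simplified Sysmon-style event format (one key=value record
per line), a list of public IP-geolocation services an installer might
query, and msiexec.exe as the installer process. The page does not say how
this campaign actually checks the victim's location; the heuristic below is
one general way to surface "look up my country before doing anything else"
behaviour from an MSI-launched process.
"""

# Assumed list of public geolocation lookup services (not from the report).
GEOIP_HOSTS = {"ip-api.com", "ipinfo.io", "ipapi.co", "geolocation-db.com"}
INSTALLER_IMAGE = "msiexec.exe"

# Constructed sample telemetry, not real logs. type=proc is process creation,
# type=net is a network connection by an existing process.
SAMPLE_LOG = """\
seq=1 type=proc pid=900 ppid=1 image=C:\\Windows\\explorer.exe
seq=2 type=proc pid=4000 ppid=900 image=C:\\Windows\\System32\\msiexec.exe
seq=3 type=proc pid=4100 ppid=4000 image=C:\\Users\\u\\AppData\\Local\\Temp\\setup.exe
seq=4 type=net pid=4100 dest=ip-api.com
seq=5 type=net pid=4100 dest=203.0.113.10
seq=6 type=proc pid=5000 ppid=900 image=C:\\Windows\\System32\\msiexec.exe
seq=7 type=proc pid=5100 ppid=5000 image=C:\\Vendor\\updater.exe
seq=8 type=net pid=5100 dest=updates.example.com
seq=9 type=net pid=5100 dest=ipinfo.io
seq=10 type=proc pid=6000 ppid=900 image=C:\\Users\\u\\AppData\\Local\\Temp\\tool.exe
seq=11 type=net pid=6000 dest=ipinfo.io
"""


def parse_event(line):
    """Turn 'k=v k=v ...' into a dict. Values contain no spaces by construction."""
    return dict(token.split("=", 1) for token in line.split())


def is_installer_descendant(pid, parents, images, max_depth=8):
    """Walk the process tree upwards and report whether msiexec.exe is an ancestor
    (or the process itself). max_depth bounds the walk against cyclic or bad data."""
    current = pid
    for _ in range(max_depth):
        if images.get(current, "").lower().endswith(INSTALLER_IMAGE):
            return True
        current = parents.get(current)
        if current is None:
            return False
    return False


def find_geofenced_installers(log_text):
    """Return alerts for MSI-descended processes whose FIRST outbound connection
    is to a geolocation service. Only the first connection counts: a geofence
    runs before the real payload, so it precedes any other traffic, and later
    lookups by legitimate software (seq=9 above) are ignored to cut noise."""
    parents, images, first_dest, alerts = {}, {}, {}, []
    for line in log_text.splitlines():
        ev = parse_event(line)
        pid = int(ev["pid"])
        if ev["type"] == "proc":
            parents[pid] = int(ev["ppid"])
            images[pid] = ev["image"]
        elif ev["type"] == "net" and pid not in first_dest:
            first_dest[pid] = ev["dest"]
            if ev["dest"].lower() in GEOIP_HOSTS and is_installer_descendant(
                pid, parents, images
            ):
                alerts.append(
                    {"seq": int(ev["seq"]), "pid": pid,
                     "image": images.get(pid, "?"), "dest": ev["dest"]}
                )
    return alerts


if __name__ == "__main__":
    for alert in find_geofenced_installers(SAMPLE_LOG):
        print(f"seq={alert['seq']} pid={alert['pid']} {alert['image']} -> {alert['dest']}")
```

On the constructed sample only pid 4100 (setup.exe dropped by msiexec.exe, first connection to ip-api.com) is flagged; the vendor updater that contacts ipinfo.io after its own update server, and the stand-alone tool with no installer ancestor, are left alone. In production the host list would come from threat intelligence or DNS telemetry rather than a hard-coded set, and the same first-connection rule can be applied to any geolocation-style endpoint the environment actually observes.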
However, the threat is not confined solely to major banks and crypto trading services.
Large Mexican corporations from various sectors, including retail, agriculture, public administration, manufacturing, transportation, commercial services, and capital goods, are also in the crosshairs of this malicious campaign.
Meanwhile, basic phishing attacks continue to surge across the industry, and they still steal funds at an alarming rate.
Most recently, on January 20, the contact details of nearly 66,000 users of the hardware wallet maker Trezor were exposed in a security breach.
Trezor assured users that their funds remained secure but warned them not to share sensitive information unless the request had been properly verified, because attackers had already emailed at least 41 users asking directly for their recovery seed. A recovery seed should only ever be entered on the hardware device itself; no legitimate vendor or support agent will ask for it.
With numerous data breaches plaguing the cryptocurrency ecosystem, investors are urged to exercise extreme caution and verify the authenticity of requests for sensitive information.