BlackBerry has flagged a threat to Mexican banks and cryptocurrency platforms after observing attackers attempting to deliver a modified version of the AllaKore RAT.
In a Jan 24 report, BlackBerry's Research and Intelligence Team described a threat actor targeting financial institutions with a version of AllaKore RAT modified so that stolen banking credentials and other sensitive data can be sent back to a command-and-control server for use in financial fraud.
According to the report, the attackers are targeting large firms with gross revenues above $100 million; the lures flagged by the research team were sent to companies that report directly to the Mexican Social Security Institute (IMSS).
Two reasons are given for targeting large companies under the IMSS: first, the financial incentive, since these companies are worth more; and second, the lures reuse IMSS links and naming schemes so that the malicious documents appear legitimate and benign.
“The AllaKore RAT payload is heavily modified to allow the threat actors to send stolen banking credentials and unique authentication information back to a command-and-control (C2) server for the purposes of financial fraud.”
The team also attributed the activity to actors likely based in Latin America, because the instructions in the modified payload are written in Spanish.
The large number of Mexican Starlink IP addresses seen in the campaign, together with the timeframe of the activity, further supports the research team's assessment that the attackers are based in the Latin American region.
“This threat actor is specifically targeting Mexican entities, especially large companies with gross revenues over $100M US. All lures have utilized legitimate and benign Mexican government resources, such as the IDSE software update
Read more on cryptonews.com