Technology company Blackberry, famously known for its mobile phones, has issued a warning through its research and intelligence division about a cyber attacker targeting Mexican crypto exchanges and banks with high revenues. According to Blackberry, the attackers primarily target companies in Mexico with annual revenues exceeding $100 million.

In its report, Blackberry identified an attack that aimed to steal sensitive data from banks and cryptocurrency services using the open-source remote access tool AllaKore RAT. The attackers use AllaKore RAT to infiltrate computer systems and databases of target companies, disguising themselves behind legitimate naming and links to avoid detection. Blackberry stated:

"The modified version of AllaKore RAT allows attackers to send stolen banking login credentials and unique authentication information back to their command and control server (C2) for financial fraud purposes."


Attacks Targeting High-Revenue Companies

Blackberry emphasized that the attackers are focusing on large companies with annual revenues over $100 million, which are under the Mexican Social Security Institute (IMSS).

Most attacks were traced back to IP addresses belonging to Mexico Starlink. Moreover, Blackberry revealed that due to the use of Spanish instructions in the modified AllaKore RAT, it is likely that the attacker is based in Latin America.

Details about the threat actor attacking Mexican business. Source: Blackberry

Newer versions of AllaKore RAT follow a more sophisticated installation process, where the software is delivered to the targets in a Microsoft software installer and is activated only if the victim is located in Mexico.

Threat Not Limited to Financial Sector

The threat is not limited to banks and cryptocurrency services; the attacks are also directed against large Mexican corporations from various industries, including retail, agriculture, public sector, manufacturing, transport, commercial services and capital goods.

Increase in Successful Phishing Attacks

Cyber attacks conducted through phishing are continually increasing in frequency and success. Recently, contact information for nearly 66,000 users of Trezor hardware wallets was leaked. In response, Trezor emphasized that the financial assets of the users were not compromised, and their devices are as secure as before. At least 41 users received direct emails from the attacker requesting sensitive information about their recovery seeds.

Given the numerous data breaches across the crypto ecosystem, investors are advised to be cautious and refrain from sharing sensitive information unless it is reliably verified.

 

