Blackberry issues warnings to Mexican crypto exchanges regarding potential cyber threats. Blackberry’s research arm detected a financially motivated attacker targeting high-net-worth Mexican cryptocurrency exchanges and banks.
Blackberry’s report revealed an attack on banks and crypto trading services using AllaKore RAT, an open-source remote access tool, to steal sensitive user information.
The threat aimed to install the AllaKore RAT tool on company computers and databases, avoiding employee suspicion by using official-looking links and names.
The report adds, “The AllaKore RAT payload is heavily modified to allow the threat actors to send stolen banking credentials and unique authentication information back to a command-and-control (C2) server for financial fraud.”
The threat primarily targets large companies with gross revenues over $100 million. Blackberry noted that such companies report directly to the Mexican Social Security Institute (IMSS).
A majority of the attacks are linked to Starlink IP addresses in Mexico. Based on the Spanish-language instructions in the RAT payload, Blackberry believes the threat actor is based in Latin America.
In newer versions of AllaKore RAT, the software is delivered to targets as a Microsoft software installer (MSI) file, which involves a more complicated installation process.
The software executes only after it confirms that the victim is located in Mexico. The threat is not limited to large banks and crypto trading services, as the software can be used against anyone; large corporations from various industries are also being targeted using this method.
The number of cyberattacks using basic phishing methods has been rising, with an increased success rate in stealing funds.
In a security breach on Jan. 20, the contact information of around 66,000 users of hardware wallet manufacturer Trezor was leaked. Trezor assured users that none of their funds have been compromised, and their devices remain secure.
However, at least 41 users received emails from the attacker requesting information about their recovery seeds. Given the increasing number of data leaks in the crypto ecosystem, investors are advised to refrain from sharing sensitive information unless verified.