Dark Tequila is a complex malware family designed primarily to attack banking institutions. It had been active for about five years before security researchers at Kaspersky Lab recently detected it.
What is Dark Tequila Malware?
Dark Tequila is a stealthy malware that had successfully evaded antimalware software since 2013. It includes a powerful keylogger, and it remained undetected because it is highly targeted and employs a few evasion techniques.
How Has It Affected Banks?
The malware has been targeting several banking institutions in Latin American countries such as Mexico. Researchers have also found that the malware's developer is likely Latin American and a Spanish speaker, and they have noted that the code is unusually sophisticated.
Dark Tequila is designed primarily to collect data from its victims, whether banking credentials or corporate or personal data. One of its most notable capabilities is to sit silently on the victim's hard drive, where it can also gather credentials for cloud services such as Dropbox, Bitbucket and Rackspace. This information can then be used for further attacks.
The malware can steal user bank details from several online banking websites and can also capture login credentials for popular sites. The services whose credentials it can harvest include Plesk, cPanel, Amazon, Namecheap, Register, Rackspace, Softlayer, Dropbox, GoDaddy, Bitbucket, Zimbra email, IBM Lotus Notes, Microsoft Office 365 and others.
The malicious program reaches the victim's computer either through infected USB devices or via spear-phishing. Once the malicious code runs on the device, a multi-layered malware is installed. However, the infection is activated only if specific conditions are met, including a check of whether the compromised computer is currently running security software.
Once infected, the malware is able to monitor and manage several operations on the system.
Different Modules in Dark Tequila
Here are the six main modules that make up this highly stealthy malware:
1. Command & Control (C&C) module – This module maintains communication between the command center, i.e. the C&C server, and the infected computer. It also watches for man-in-the-middle (MITM) interception and defends the malware against any sort of analysis.
2. CleanUp module – While dodging various security suites, if Dark Tequila detects any suspicious activity, for example that it is executing on VMware or other virtual machine software, or under debugging tools, the CleanUp module scans and cleans up the entire infected system. It removes the persistence service and the forensic evidence of the malware's presence.
3. Keylogger module – The Keylogger module monitors the entire system and records every keystroke. This lets the malware gather login credentials for the websites the victim accesses.
4. Information Stealer module – As the name implies, this module steals passwords saved in FTP clients, email clients and browsers. Together with other modules such as the Keylogger module, it identifies the victim's login credentials.
5. USB Infector module – The USB Infector module replicates the malware and spreads it to additional machines through USB drives. It copies an executable file to the removable storage drive, and this executable runs automatically once the drive is plugged into a system.
6. Service Watchdog module – The Service Watchdog module oversees the operation of the malware as a whole; its role is to check whether the malware is running properly.
Researchers are still investigating the Dark Tequila campaign. Because such attacks can be executed anywhere in the world, they are working on new defenses to nullify the effect of the attack. To defend your systems against Dark Tequila, be vigilant about suspicious emails and safeguard your computers and other devices with a powerful security suite that detects and removes such threats. Moreover, do not connect untrusted USB drives or other storage devices to your systems, and disable auto-run on storage devices.
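The USB Infector module described above depends on an executable that starts as soon as the drive is plugged in, which on Windows is the job of an autorun.inf file on the drive, and the closing advice is to disable auto-run. As an added example that is not part of the original article and is not based on Kaspersky's analysis, the following Python script parses an autorun.inf and reports every entry that would launch a program, so an analyst can triage a removable drive before trusting it. The two autorun.inf samples in it are constructed for the example and are not Dark Tequila artifacts.

```python
"""Triage autorun.inf files found on removable media (added example)."""
import re
from dataclasses import dataclass

# Keys in the [autorun] section that make Windows launch a program on insertion.
AUTO_EXEC_KEYS = {"open", "shellexecute"}
# "shell\<verb>\command" keys launch a program from the drive's context menu
# or from the default double-click action.
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$")


@dataclass
class Finding:
    key: str
    value: str
    reason: str


def parse_autorun_inf(text: str) -> dict:
    """Parse INI-style autorun.inf text into {section: {key: value}}.

    Section and key names are lower-cased because Windows treats them
    case-insensitively; comments and lines outside any section are ignored.
    """
    sections: dict = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line.startswith(";") or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def triage_autorun(text: str) -> list:
    """Return a Finding for each [autorun] entry that can execute code."""
    findings = []
    for key, value in parse_autorun_inf(text).get("autorun", {}).items():
        if key in AUTO_EXEC_KEYS:
            findings.append(Finding(key, value, "runs a program when the drive is inserted"))
        elif SHELL_COMMAND_RE.match(key):
            findings.append(Finding(key, value, "runs a program from a shell verb on the drive"))
        elif key == "shell":
            # Rebinding the default verb makes a double-click run the custom command.
            findings.append(Finding(key, value, "rebinds the default double-click action"))
    return findings


def is_suspicious(text: str) -> bool:
    return bool(triage_autorun(text))


# Constructed sample: the pattern of a worm-style autorun.inf, not a real artifact.
SAMPLE_SUSPICIOUS = """\ufeff[AutoRun]
; constructed for this example
open=RECYCLER\\setup.exe
shell\\open\\command=RECYCLER\\setup.exe
shell=open
icon=%SystemRoot%\\system32\\shell32.dll,4
label=Backup
"""

# Constructed sample: a benign autorun.inf that only sets an icon and a label.
SAMPLE_BENIGN = """[autorun]
icon=drive.ico
label=Photos
"""

if __name__ == "__main__":
    for name, sample in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(f"{name}: suspicious={is_suspicious(sample)}")
        for f in triage_autorun(sample):
            print(f"  {f.key} = {f.value}  ({f.reason})")
```

The parser is the detection side of the advice above; the corresponding prevention on Windows is the NoDriveTypeAutoRun policy value under the Explorer policies key (0xFF disables AutoRun for every drive type), which can also be applied through Group Policy.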