Symantec’s Threat Hunter has released information on a trojan targeting banking concerns in Latin America. According to the data, almost 100 organizations and individuals have already been targeted. The Cloud Analytics technology flagged attempts to download a suspicious file named mpr.dll onto customer devices.
The download attempt was executed by Msiexec.exe, and this led researchers to five files. Of these, four appeared to be signed, legitimate DLL files. However, the mpr.dll file was 588 MB in size and looked highly suspicious. Researchers concluded this was the “Latin American banking Trojan” based on descriptions given by ESET in 2020.
Based on this insight, researchers discovered that the same kind of attack had been carried out since late August 2021 against as many as 98 BFSI entities. The trojan was also trying to infiltrate other sectors, including information technology, professional services, manufacturing, financial services, and government organizations.
This DLL-based trojan attack appears to be linked to a group of 11 banking trojan gangs based in Latin America. For banking cybersecurity officials, these groups were covered extensively by ESET in 2020.
This year, a new Android banking trojan that researchers call TeaBot made the news. It was distributed in Europe as TeaTV or VLC MediaPlayer and asked users to grant a large number of permissions.