BlackBerry warns of cyber threat lurking in Mexico’s crypto exchanges
The research and intelligence arm of BlackBerry, the company that once dominated the mobile phone market, has identified a financially motivated threat actor targeting several high-value Mexican cryptocurrency exchanges and banks.
BlackBerry's report describes a campaign that uses AllaKore RAT, an open-source remote access tool, to steal sensitive user data from banking and cryptocurrency services. The attackers attempt to plant the RAT on company-run computers and databases, often disguising the malicious files behind official-looking naming schemes and links. The report added:
“The AllaKore RAT payload has been heavily modified to allow threat actors to send stolen banking credentials and special authentication information to a command-and-control (C2) server for the purpose of financial fraud.”
The report indicates that the attackers primarily target large companies with gross revenues of more than $100 million. Such companies report directly to Mexico's Social Security Institute (IMSS), BlackBerry said.
Most of the attacks were traced back to Mexican Starlink IP addresses. Combined with the Spanish-language instructions found in the modified RAT payload, this led BlackBerry to conclude that the threat actor is based in Latin America.
Newer AllaKore RAT iterations follow a more complex installation process, in which the malware is delivered to targets inside a Microsoft software installer (MSI) file. The installer only proceeds after confirming that the victim's current location is Mexico.
However, the risk is not limited to large banks and crypto businesses. The same tactic is used against large Mexican corporations in other verticals, including retail, agriculture, the public sector, manufacturing, transportation, business services and capital goods.
Fund-stealing attacks by even unsophisticated phishers continue to grow in number and in success rate. On January 20, the contact information of nearly 66,000 users of hardware wallet maker Trezor was exposed in a security breach. Trezor told users:
“We would like to stress that none of our users' funds were affected by this incident. Your Trezor device is as secure today as it was yesterday.”
At the time of reporting, at least 41 users had received direct emails from the attacker requesting sensitive information about their recovery seed. Given the volume of data leaks across the crypto ecosystem, investors are advised never to share a recovery seed or other sensitive information in response to an unsolicited request, no matter how legitimate it appears, and to verify any such request independently through the vendor's official channels.