Mekotio Trojan

Mekotio Trojan is a banking Trojan whose main goal is to steal online banking credentials from Internet users. It is a severe threat not only for the victim’s finances but also for its privacy as the threatening activities of this malware can lead even to identity theft. The bank account credentials stolen by Mekotio Trojan include IDs, logins, passwords, credit card details and other sensitive information.

The collected data is transmitted to the cybercriminals who operate the Trojan and subsequently used for fraudulent transactions or sold to third parties for a profit. Mekotio also targets other data stored on or accessed by the affected devices, which can then be used for blackmail/ransom purposes.

An infection with Mekotio Trojan does not manifest itself through any particular symptoms, and the malware operates silently on the infected machine. Malware researchers have observed that Mekotio is distributed through Coronavirus/Covid-19 spam email campaigns.

The messages are written in Spanish and pretend to be judicial notifications. The emails state there have been complaints against the recipient for violating epidemic regulations, like not wearing a face mask. The emails contain links that lead to corrupted websites, and clicking on these links initiates the download/installation of Mekotio Trojan. Due to the huge potential damage, Mekotio Trojan should be removed from the affected computer immediately.