Security researchers at Kaspersky Lab have uncovered a new, complex malware campaign that has been targeting customers of several Mexican banking institutions since at least 2013.
Dubbed Dark Tequila, the campaign delivers an advanced keylogger that managed to stay under the radar for five years thanks to its highly targeted nature and a handful of evasion techniques.
Dark Tequila is primarily designed to steal victims' financial information from a long list of online banking sites, as well as login credentials for popular websites ranging from code-versioning repositories to public file-storage accounts and domain registrars.
The list of targeted sites includes "Cpanels, Plesk, online flight reservation systems, Microsoft Office 365, IBM Lotus Notes clients, Zimbra email, Bitbucket, Amazon, GoDaddy, Register, Namecheap, Dropbox, Softlayer, Rackspace, and other services," the researchers state in a blog post.
The malware initially reaches victims' computers either via spear-phishing or via infected USB devices.
Once executed, the multi-stage payload infects the victim's computer only after certain conditions are met, including checks for whether the machine has any antivirus or security suite installed or is running inside an analysis environment.
Besides this, "the threat actor behind it strictly monitors and controls all operations. If there is a casual infection, which is not in Mexico or is not of interest, the malware is uninstalled remotely from the victim's machine," the researchers say.
The Dark Tequila malware consists of six primary modules, as follows:
- 1. C&C – This part of the malware manages communication between the infected computer and the command-and-control (C&C) server, and is also responsible for detecting man-in-the-middle interception of that traffic, as a defence against analysis.
- 2. CleanUp – If the evasion checks detect any 'suspicious' activity, such as running inside a virtual machine or under debugging tools, this module performs a full cleanup of the infected system, removing the persistence service as well as forensic evidence of the malware's presence.
- 3. Keylogger – This module monitors the system and logs keystrokes in order to steal login credentials for a preloaded list of websites, both banking sites and other popular services.
- 4. Information Stealer – This password-stealing module extracts saved passwords from email and FTP clients, as well as from browsers.
- 5. USB Infector – This module replicates itself and infects additional computers via USB drives. It copies an executable to a removable drive so that it runs automatically when the drive is plugged into another system.
- 6. Service Watchdog – This module is responsible for making sure the malware keeps running properly.
According to the researchers, the Dark Tequila campaign is still active and can be deployed in any part of the world to attack any target "according to the interests of the threat actor behind it."
To protect yourself, stay vigilant about suspicious emails and keep a good antivirus solution running so that threats like this are caught before they infect you or your network.
Most importantly, avoid connecting untrusted removable and USB devices to your computer, and consider disabling AutoRun for USB devices.
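Two of the points above, the USB Infector module that drops an executable on a removable drive so it runs automatically, and the advice to disable AutoRun, translate directly into a host check and a hardening step. The script below is an added example, not code from the Kaspersky report or from the malware: it first audits every removable drive for an autorun.inf and the executable it launches (plus hidden executables in the drive root, a common layout for USB-propagating malware), then sets the two documented Explorer policy values, NoDriveTypeAutoRun (0xFF disables AutoRun for all drive types) and NoAutorun (1 stops autorun.inf from being parsed at all). The function and variable names are this example's own choices, not anything named in the report. Run it from an elevated PowerShell session.

```powershell
# Added example; not code from the Kaspersky report or from Dark Tequila.
# Part 1 audits removable drives for autorun.inf-based propagation.
# Part 2 applies the documented Explorer policy values that disable AutoRun.
# Function and variable names are this example's own choices.

$ExplorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Find-AutorunArtifacts {
    # Win32_LogicalDisk DriveType 2 = removable disk. Emits one object per drive
    # that carries an autorun.inf, listing the open=/shellexecute= targets and
    # any hidden executables sitting in the drive root.
    $riskyExt = @('.exe', '.com', '.scr', '.bat', '.cmd', '.vbs', '.js', '.lnk', '.pif')
    foreach ($disk in Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2') {
        $root = $disk.DeviceID + '\'
        $inf  = Join-Path -Path $root -ChildPath 'autorun.inf'
        if (-not (Test-Path -LiteralPath $inf)) { continue }

        # -Force reads the file even when it is marked hidden/system, which
        # USB-spreading malware routinely does to keep it out of sight.
        $targets = @()
        foreach ($line in (Get-Content -LiteralPath $inf -Force -ErrorAction SilentlyContinue)) {
            if ($line -match '^\s*(open|shellexecute)\s*=\s*(.+?)\s*$') { $targets += $Matches[2] }
        }

        $hiddenExe = Get-ChildItem -LiteralPath $root -Force -File -ErrorAction SilentlyContinue |
            Where-Object {
                ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
                ($riskyExt -contains $_.Extension.ToLower())
            } |
            ForEach-Object { $_.FullName }

        [pscustomobject]@{
            Drive             = $disk.DeviceID
            AutorunTargets    = $targets
            HiddenExecutables = @($hiddenExe)
        }
    }
}

function Get-AutorunPolicy {
    # NoDriveTypeAutoRun: bitmask of drive types with AutoRun disabled (0xFF = all).
    # NoAutorun: 1 = do not parse autorun.inf at all.
    $p = Get-ItemProperty -Path $ExplorerPolicy -ErrorAction SilentlyContinue
    $driveMask = '(not set)'
    if ($null -ne $p.NoDriveTypeAutoRun) { $driveMask = '0x{0:X2}' -f $p.NoDriveTypeAutoRun }
    $noAutorun = '(not set)'
    if ($null -ne $p.NoAutorun) { $noAutorun = $p.NoAutorun }
    [pscustomobject]@{
        NoDriveTypeAutoRun = $driveMask
        NoAutorun          = $noAutorun
    }
}

function Disable-Autorun {
    # Creates the policy key if absent and forces both values on.
    if (-not (Test-Path -Path $ExplorerPolicy)) { New-Item -Path $ExplorerPolicy -Force | Out-Null }
    New-ItemProperty -Path $ExplorerPolicy -Name NoDriveTypeAutoRun -PropertyType DWord -Value 0xFF -Force | Out-Null
    New-ItemProperty -Path $ExplorerPolicy -Name NoAutorun -PropertyType DWord -Value 1 -Force | Out-Null
}

'== Removable drives carrying an autorun.inf =='
Find-AutorunArtifacts | Format-List

'== AutoRun policy before =='
Get-AutorunPolicy
Disable-Autorun
'== AutoRun policy after =='
Get-AutorunPolicy
```

Windows 7 and later (and XP/Vista with the 2011 AutoRun update) already ignore autorun.inf on non-optical removable media, so the policy values are a belt-and-braces control that also covers older or un-patched hosts; the audit half is still worthwhile, because an autorun.inf pointing at a hidden executable on a USB stick is evidence of propagation activity regardless of whether the current host would have honoured it.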