The Brazilian-origin malware “Janeleiro” attacks customers of the main banks in Mexico, such as BBVA, Santander, Banorte, HSBC, Scotiabank, Bajío and Banregio, as well as the Bitso cryptocurrency trading platform, in order to steal their identification data and commit fraud, the cybersecurity firm Metabase Q warned.
The firm explained that the "Janeleiro" malware has attacked corporate users of large banks in Brazil since 2019, and that it operates by displaying fake pop-up windows that pretend to be legitimate bank forms, in order to gain unauthorized access to its victims' online banking accounts.
“Since January 26, 2021, the team has been monitoring an active 'Janeleiro' campaign. This campaign is aimed at both Mexican bank cardholders and cryptocurrency account holders,” the firm explained.
Given the activity in our country, the company named the malware detected in Mexico "Janeleiro.mx" and explained that it is activated depending on the financial portal the victim accesses, and that its main objective is to steal credentials, codes generated by physical tokens, and email accounts.
According to the company, customers are deceived through social engineering with fake emails asking them to follow a link that supposedly comes from their bank; when they enter the fake site, a malicious program is activated to steal the victims' financial data.
“The malware is distributed through targeted phishing campaigns with malicious links to try to infect the victim. Apparently compromised sites hosting the malware were detected. Unlike Janeleiro, which requires a file to be installed, Janeleiro.mx is a stand-alone executable that runs directly on the infected machine,” the firm detailed.
The firm explained that once the computer is infected, Janeleiro.mx actively monitors the windows that the victim opens and compares the names of those windows with an array containing the names of the banks that the victim may try to access.
"Once the malware detects interaction with any of these windows, it connects to the attacking group's server to start manipulating bank forms and obtain sensitive information from the victim," the firm explained.
The firm highlighted that Mexico ranks second in Latin America among the countries with the most malware attacks, after Brazil and ahead of countries such as Argentina, Chile and Peru.
Given the presence of this type of malware in Mexico, the recommendations for bank users include avoiding opening suspicious emails; ensuring that computers, mobile devices and applications are up to date with the latest available patches and fixes; not using public networks to access the banking portal; and accessing it from a single device.