Italy under attack: new phishing campaign, this time to spread the South American virus Mekotio that can empty our bank account
Attacks on Italians' online bank accounts continue unabated, with malware delivered through increasingly refined phishing campaigns. After the fake email from the Ministry of Finance, it is now the turn of a fake email from the Ministry of Transport: a fake fine notice that contains a very dangerous link.
It is dangerous because it leads the user to download the "Mekotio" virus, a banking trojan that is able to steal the credentials of the online bank account. In other words: to empty our bank account in no time. Once again the alert was raised on Twitter by security researcher JamesWT, who also published screenshots of the text of the scam email. Once again it is a well-written text, artfully designed to look credible to an inattentive user.
How to recognize the fake Ministry of Transport email
The phishing email carrying the Mekotio malware has the subject line: "Ministry of Infrastructure and Transport - Important notice". The body reads: "Sincerely, our system has detected an open traffic violation directed at you or your vehicle. For more information see details below".
Below that is the link: if the user clicks on it, a Zip file is downloaded from which the infection starts. The device then ends up with Mekotio installed, and the user might end up with a big shortfall in the bank account.
Why Mekotio is dangerous
Mekotio is a banking trojan, that is, malware written specifically to try to steal the access data for online accounts. It was born and raised in South American countries such as Brazil, Chile and Mexico, then moved to Spain and Portugal, and now it has arrived in Italy. And it is not good news.
It works in a fairly classic way, showing pop-up messages that perfectly mimic the login windows of banking institutions in the hope of stealing the user's login credentials. In the meantime, it also collects information about the firewall configuration, the installed operating system and any installed security suites.