Targeted Cyber Attacks Unleash Modified AllaKore RAT on Mexican Banks and Crypto Platforms


In the dynamic landscape of cybersecurity, financial institutions and cryptocurrency platforms now face a sophisticated threat. Modified versions of the AllaKore RAT, first observed in 2015, have become the weapon of choice for cybercriminals targeting Mexican companies. This threat actor remains unidentified but is believed to have roots in Latin America.

Since 2021, these cyber attacks have persisted, consistently breaching the security of large companies with revenues surpassing $100 million. Exploiting spear-phishing tactics, the attackers use lures masked as documents associated with the Mexican Social Security Institute (IMSS), baiting unsuspecting victims.

The infection chain unfolds through an MSI installer that carries a .NET downloader. Once activated, it inspects the victim’s geolocation, confirming their presence in Mexico before unleashing the modified AllaKore RAT. Armed with enhanced functionalities, this tool is ruthless. It harvests banking credentials and compromises authentication data, setting the stage for crippling financial fraud. The malware is powerful, capable of keylogging, screen capturing, file manipulation, and even full remote control.

As reported by experts, the adapted malware now targets both Mexican banks and crypto trading platforms. The updated AllaKore RAT extends its reach by extracting clipboard content and executing complex payloads. Evidence of the campaign's Latin American connection includes its use of Mexico Starlink IPs and the Spanish-language instructions within the payload.

Moving to risks within the world of cryptocurrency, the Lamassu Douro bitcoin ATMs recently came under scrutiny. Researchers uncovered three critical vulnerabilities. These flaws gave an attacker with physical access the capacity to hijack the machines completely. Leveraging the ATM’s software update mechanism and QR code reader, they could carry out arbitrary code execution. However, the company has addressed these vulnerabilities as of October 2023.

Cybersecurity remains a crucial battleground as threats evolve and become more ingenious. From the financially driven exploits capitalizing on the AllaKore RAT to the vulnerabilities plaguing Bitcoin ATMs, it is clear that the need for vigilance and robust security measures is ever-growing. Both instances demonstrate a convergence of technological advancement and criminal innovation—one that demands an immediate and resolute response from security professionals and institution operators alike.

For a comprehensive look at these cybersecurity issues, further details can be found on Fraunhofer's Malpedia and BlackBerry's blog. For technical insights into the ATM vulnerabilities, see IOActive's security lab report.


January 27, 2024