Kaspersky Lab uncovered Dark Tequila malware
Kaspersky Lab uncovered a malware campaign designed to steal financial information and login credentials for popular websites. Dubbed Dark Tequila, it has been active since at least 2013, and most of its victims are located in Mexico, infected through spear-phishing or USB devices. Researchers identified six modules embedded in the malicious implant, which handle communication with the command and control server; remove any traces of the malware if they detect a research environment; steal credentials from online services and passwords from email, FTP clients, and browsers; copy the malware onto any connected USB drives; and ensure that the malware is running. The threat actor behind Dark Tequila monitors and controls all operations strictly: if an infection is not in Mexico or is not of interest, the malware is uninstalled remotely from the victim’s computer.