CryptoForDay

Your daily dose of crypto news

Cyberthreat Warning for Mexican Crypto Exchanges from BlackBerry


BlackBerry, the research and intelligence division of the once-dominant cellphone brand, has identified and warned about a financially motivated attacker targeting high-net-worth Mexican cryptocurrency exchanges and banks. According to its report, the threat involves the use of an open-source remote access tool called AllaKore RAT to steal sensitive user information from financial institutions. The attackers install the tool on company computers and databases, often disguising it behind official naming schemes and links to avoid detection.

BlackBerry’s report highlights that the AllaKore RAT payload has been modified to enable the threat actors to send stolen banking credentials and authentication information to a command-and-control server for financial fraud purposes. The threat mainly targets large companies with annual revenues exceeding $100 million, particularly those that report directly to the Mexican Social Security Institute (IMSS). The majority of the attacks originated from Mexican Starlink IP addresses, leading BlackBerry to conclude that the threat actor is based in Latin America.

The newer versions of AllaKore RAT use a more complex installation process, in which the software is delivered to targets via a Microsoft software installer file. The software only executes if it detects the victim is located in Mexico. The threat is not limited to large banks and cryptocurrency trading services. BlackBerry found that the same method is used to target large Mexican corporations in various industries, including retail, agriculture, public sector, manufacturing, transportation, commercial services, and capital goods.

Cyberattacks through basic phishing techniques are on the rise and have proven successful in stealing funds. For example, hardware wallet manufacturer Trezor recently experienced a security breach that led to the leak of contact information for around 66,000 users. Although Trezor assured its users that their funds remained secure, at least 41 users received direct email messages from the attacker requesting sensitive information about their recovery seeds.

Given the numerous data leaks within the cryptocurrency ecosystem, investors are advised to be cautious and avoid sharing sensitive information unless it has been verified.

7 thoughts on “Cyberthreat Warning for Mexican Crypto Exchanges from BlackBerry”

  1. Kudos to Blackberry for highlighting the modified payload of AllaKore RAT that enables the theft of banking credentials for financial fraud purposes. Staying one step ahead of these attackers is key.

  2. Wow, attackers are really going all out to steal sensitive information. Stay safe, everyone!

  3. Another day, another cyber threat. It’s exhausting to keep up with all these risks. 😩

  4. It’s alarming that these attacks mainly target large companies with annual revenues exceeding $100 million. 💰 Cybersecurity should be a top priority for any organization operating in the digital age. 🔐

  5. I wouldn’t be surprised if Blackberry is behind this attack just to promote their own security solutions.

  6. The newer versions of AllaKore RAT using the Microsoft software installer file show how attackers are evolving their techniques. 💡 It’s essential for users to stay vigilant and keep their software up to date. ⚙️

  7. Blackberry should provide more evidence to support their claims. Right now, it just seems like speculation. 🤨
