BlackBerry Reveals Hacking Group Targeting Mexican Banks and Crypto Firms

Published: Jan 25, 2024
Written By:
Vignesh Karunanidhi
Milk Road Writer

A hacking group has been targeting major Mexican banks, cryptocurrency companies, and other large businesses with custom malware designed to steal banking credentials and personal authentication information.

BlackBerry Research & Intelligence revealed this week that the multi-year campaign uses social engineering and legitimate decoy documents to deliver remote access Trojan (RAT) installers, giving the threat actors broad access to, and the ability to monitor, compromised machines.

Key components of the threat include:

  • A custom RAT built on the open-source AllaKore malware.
  • Phishing lures impersonate official Mexican agencies, such as the social security institute.
  • Targets are predominantly banks and cryptocurrency trading platforms.
  • Activity has been confirmed since at least 2021 and is still ongoing.
  • Attribution clues point to a Latin America-based cybercriminal cell.

According to BlackBerry, the initial phishing emails contain links or attachments that resemble official government communications and documents.


If the lure is opened, a multi-stage loader first checks that the victim machine is located in Mexico; only then does it silently download the customized AllaKore RAT. Machines outside Mexico never receive the final payload, which also makes the RAT harder to obtain from foreign sandboxes. The RAT is built to steal banking credentials along with other account authentication data.
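
The country check described above has a detection angle. If the stager decides where it is by asking a web geolocation service (an assumption here; the page does not say how the check is done), the lookup is followed within seconds by the payload download, and both requests pass through the same proxy. The script below is an added example, not BlackBerry's code and not the campaign's, that hunts proxy logs for that sequence. The log format, the geolocation hostnames and the sample lines are all constructed for the illustration.

```python
"""
Added illustration: hunt proxy logs for a geolocation lookup followed shortly
by an executable or archive download from the same client, the footprint a
geofenced stager would leave if it checks its country over HTTP.

ASSUMPTIONS (not stated on the page):
- the stager checks its location through a web geolocation service;
- proxy log lines are space-separated: timestamp client method url status size;
- the geolocation hostnames below are illustrative, not confirmed indicators.
"""
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Illustrative geolocation services; extend with whatever your environment sees.
GEOIP_HOSTS = {"ip-api.com", "ipinfo.io", "ipapi.co", "api.ipify.org"}
PAYLOAD_EXTENSIONS = (".exe", ".dll", ".zip", ".msi", ".scr")
WINDOW = timedelta(seconds=60)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2024-01-22T10:00:01 10.1.2.7 GET http://example-news.test/index.html 200 5120
2024-01-22T10:00:03 10.1.2.7 GET http://ip-api.com/json/ 200 310
2024-01-22T10:00:05 10.1.2.7 GET http://files.example.test/update/stage2.zip 200 901223
2024-01-22T10:05:00 10.1.2.9 GET http://ipinfo.io/json 200 280
2024-01-22T10:30:00 10.1.2.9 GET http://cdn.example.test/img/logo.png 200 12000
2024-01-22T11:00:00 10.1.2.11 GET http://mirror.example.test/tool.exe 200 55000
"""


def parse_line(line):
    """Split one constructed proxy log line into a record dict."""
    ts, client, method, url, status, size = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "client": client,
        "method": method,
        "url": url,
        "status": int(status),
        "size": int(size),
    }


def is_geoip_lookup(rec):
    """True if the request targets one of the assumed geolocation services."""
    return urlparse(rec["url"]).hostname in GEOIP_HOSTS


def is_payload_download(rec):
    """True if the request fetched a file with a payload-like extension."""
    path = urlparse(rec["url"]).path.lower()
    return rec["status"] == 200 and path.endswith(PAYLOAD_EXTENSIONS)


def find_staged_downloads(log_text, window=WINDOW):
    """Return (client, geoip_url, payload_url) for every geolocation lookup
    that the same client follows with a payload download inside `window`."""
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    records.sort(key=lambda r: r["ts"])
    hits = []
    for i, rec in enumerate(records):
        if not is_geoip_lookup(rec):
            continue
        for later in records[i + 1:]:
            if later["ts"] - rec["ts"] > window:
                break  # records are sorted, nothing later can qualify
            if later["client"] == rec["client"] and is_payload_download(later):
                hits.append((rec["client"], rec["url"], later["url"]))
    return hits


if __name__ == "__main__":
    for client, geo, payload in find_staged_downloads(SAMPLE_LOG):
        print(f"{client}: geolocation lookup {geo} followed by payload {payload}")
```

Only the first client trips the rule: the second performs a lookup but downloads nothing payload-like in the window, and the third downloads an executable without any preceding lookup. In a real environment the hostname set needs tuning, since many legitimate applications also query geolocation services, so treat a hit as a triage lead rather than a verdict.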

Function names in the malware's code specifically reference stealing data from six major Mexican banks and one cryptocurrency trading platform.

BlackBerry points to a Latin America-based threat actor

While the group's exact identity remains unknown, researchers cite several clues that point to cybercriminals based in Latin America.

These include Spanish-language debugging strings in the malware, command-and-control servers hosted with Mexican satellite ISPs, and a sustained, exclusive focus on Mexican targets over several years.


Such persistent focus on a single region is unusual among financially motivated hacking groups. The pattern suggests a domestic group with detailed local knowledge of the targets.

By adapting an open-source RAT to systematically siphon sensitive financial data, the threat actors are carrying out tailored intrusions that pose a serious risk to Mexican financial infrastructure.

Vignesh Karunanidhi

Vignesh has been a seasoned professional in the crypto space since 2017. He has been writing for over 6 years and specializes in writing and editing various types of crypto content, including news articles, long-form pieces, and blog posts, all focused on sharing the beauty of blockchain and crypto.
