Cybercriminals and drug cartels are teaming up to spread malware and steal financial information across Latin America
Cybercriminals are now partnering with drug cartels across Latin America to attack financial institutions and governments, leveraging a wide variety of scams and malware to make millions, according to a new report from cybersecurity firm IntSights.
Mexican law enforcement arrested Héctor Ortiz Solares, known as "El H-1" or "Bandido Boss," in 2019 after he spent years recruiting top-tier hackers who built malware for his gang, named "Bandidos Revolution Team." The malware was designed to infect ATMs and attack Latin American banks.
"The most notable characteristic of this malware is that the attacker updates its functionality, often to include man-in-the-middle browser attacks. The Catasia malware has found success being hosted on otherwise non-malicious infrastructure, where legitimate business operations are also hosted. During the investigation, it was found that it only focuses on Mexican targets, despite being initially tested in Colombia," the report said.
Since 2018, the Cosmic Banker trojan has also become wildly popular among cybercriminals attacking Latin American banks, with attacks specifically on Mexican financial institutions in April 2019.
"Ryuk is believed to be operated by the same group that manages the Trickbot malware, a group dubbed Wizard Spider, based out of Russia. Ryuk is closely tied to other malware groups and is observed as part of a complex infection chain. For example, one report explains that Ryuk is usually the last step in an attack that starts with Emotet malware delivering the Trickbot trojan. Trickbot deploys post-exploit tools such as Mimikatz and PowerShell, which enables it to harvest credentials, remotely monitor a system, and move laterally within the network," the report added.