Security News > 2021 > March > Metamorfo Banking Trojan Abuses AutoHotKey to Avoid Detection
The Metamorfo banking trojan is abusing AutoHotKey and the AHK compiler to evade detection and steal users' information, researchers have warned.
One is a purported request to download a password-protected file; and the other is an elaborate spoofed notification about pending legal documents, with a link that downloads a .ZIP file.
Metamorfo Abusing AHK
In both cases, the malicious code is contained in a .ZIP file that's ultimately downloaded to victim computers.
It contains three files: the legitimate AHK compiler executable, a malicious AHK script and the banking trojan itself.
In the first instance, there is a .ZIP file containing an MSI file that includes a malicious domain harboring 32- and 64-bit versions of a second.
ZIP file drops a shortcut file containing a malicious Finger command.
News URL
https://threatpost.com/metamorfo-banking-trojan-autohotkey/164735/