EvilCorp arrives in Mexico

By José Zorrilla from Metabase Q Offensive Security Team, Ocelot.


Figure 1. Maksim Yakubets, leader of Evil Corp, wanted by the FBI since the end of 2019

Metabase Q's offensive security team, Ocelot, discovered multiple malicious campaigns run by the criminal group EvilCorp. Since April 2021, the group has been compromising Mexican websites and using them to distribute its preferred malware, Dridex, which has successfully stolen banking information from its victims since 2014.

At the end of 2019, the Department of Justice of the United States offered $5 million dollars for the capture of one of Evil Corp's Russian founders, Maksim Yakubets, who has been a critical piece of the organization since 2009. He has been recruiting hackers to join its ranks, laundering more than $100 million dollars collected from victims, mainly in the USA and Europe, and transferring the funds to the group's members, who are primarily located in Russia and Ukraine. This group is credited with creating the Dridex malware, which is usually delivered via e-mail using malicious Microsoft Office macros.
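Because the delivery vector described above is an Office attachment carrying a VBA macro, a mail gateway or incident responder usually wants a quick, offline check for whether a given attachment contains a macro project at all. The script below is an added example written for this article, not code from Metabase Q or from the campaign analysis; it uses only the Python standard library and two well-known structural markers: the `vbaProject.bin` part inside a ZIP-based OOXML file (.docm/.xlsm/.pptm, or a mislabeled .docx) and the `_VBA_PROJECT` / `Macros` stream names, stored as UTF-16LE, inside a legacy OLE2 file (.doc/.xls). The sample documents it inspects are constructed in memory so the example runs without any real attachment.

```python
import io
import zipfile

OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # legacy binary Office container
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML documents are ZIP archives

# OLE2 directory entries store stream names as UTF-16LE, so a raw search for
# these encoded names is a cheap (heuristic) indicator of an embedded VBA project.
OLE2_VBA_MARKERS = [
    "_VBA_PROJECT".encode("utf-16-le"),
    "Macros".encode("utf-16-le"),
]


def detect_office_macros(data: bytes) -> dict:
    """Classify an Office document's container format and report VBA evidence.

    Returns {'format': 'ooxml'|'ole2'|'corrupt-zip'|'other',
             'has_vba': bool, 'evidence': [matching part or stream names]}.
    """
    evidence = []
    if data.startswith(ZIP_MAGIC):
        fmt = "ooxml"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for name in zf.namelist():
                    # word/, xl/ and ppt/ all place the macro container here;
                    # the extension on disk is irrelevant, only the part matters.
                    if name.lower().endswith("vbaproject.bin"):
                        evidence.append(name)
        except zipfile.BadZipFile:
            fmt = "corrupt-zip"
    elif data.startswith(OLE2_MAGIC):
        fmt = "ole2"
        for marker in OLE2_VBA_MARKERS:
            if marker in data:
                evidence.append(marker.decode("utf-16-le"))
    else:
        fmt = "other"
    return {"format": fmt, "has_vba": bool(evidence), "evidence": evidence}


def build_sample_ooxml(with_macro: bool) -> bytes:
    """Constructed stand-in for a .docx/.docm attachment (not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder\x00")
    return buf.getvalue()


def build_sample_ole2(with_macro: bool) -> bytes:
    """Constructed stand-in for a legacy .doc attachment (header plus padding)."""
    body = OLE2_MAGIC + b"\x00" * 504
    if with_macro:
        body += "_VBA_PROJECT".encode("utf-16-le")
    return body + b"\x00" * 64


if __name__ == "__main__":
    samples = {
        "invoice.docm (constructed, macro)": build_sample_ooxml(True),
        "invoice.docx (constructed, clean)": build_sample_ooxml(False),
        "invoice.doc (constructed, macro)": build_sample_ole2(True),
        "invoice.doc (constructed, clean)": build_sample_ole2(False),
    }
    for label, blob in samples.items():
        print(label, "->", detect_office_macros(blob))
```

The check is deliberately structural rather than content-based: it answers "does this attachment carry a VBA project?" so a gateway can quarantine or sandbox it, and it does not attempt to judge what the macro does. For full stream parsing and macro extraction a dedicated tool such as the oletools suite is the usual next step.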

To create greater awareness of these types of attacks in the region, Metabase Q and its Offensive Security Team, Ocelot, decided to publish the details of these campaigns in Mexico. We focus on three campaigns that started in April 2021. All three involve downloading different malicious payloads from the compromised website of a Congresswoman.


Protection recommendations

  • Stay up to date. Make sure computers, mobile devices and applications are updated with the latest patches and updates available.
  • Stay secure. Validate that your computer and mobile devices are protected against viruses (malware), and that the configuration of the Operating System and applications is secure.
  • Stay informed. Ensure your financial services notify you of charges and transactions and keep track of expenses and changes made in the banking service.
  • If it's suspicious, it's dangerous. Be alert to the arrival of unsolicited content, as well as abnormal events in the personal and/or business context. Cybercriminals continuously alternate the communication channel and/or medium to scam their victims into delivering sensitive information.
    • Phone calls
    • Text messages (SMS)
    • Emails
    • Internet browsing
  • Verify before acting. In case of a potential case of account compromise, stay calm and validate movements directly with the source of the financial service available to you.
    • Last recognized charge
    • Last successful access
  • Additional protection. Most financial institutions have additional protection tools available for download. We recommend the use of these tools, considering, however, that they are not a substitute for traditional antivirus.
  • Do not store information. Nowadays, it is common to see Excel, Word and Notepad files on computers with prominent names such as "Banking passwords", "Electronic banking accesses", etc. This makes it easy for attackers to find sensitive information. If you cannot memorize this data, do not keep it in plain sight and use other names when saving it.
  • Control of your PC. If you notice that you no longer have control of your computer (files opening and closing on their own, the machine turning off or restarting, programs changing or switching between tasks), someone else is likely controlling it. Do not enter sensitive information if you believe this may be the case.
  • Use only one computer. Always use a single computer to access your banking services. Do not access your accounts from computers that you do not know or that are used by several people since they could have downloaded or installed malware without realizing it.
  • Public networks. If you are going to access your banking portal, do it from a reliable network. Do not use public wireless networks without a password for this purpose, as this may compromise your information.
  • Continuous and timely communication. Maintain agnostic and continuous awareness of threats to information security, digital hygiene, and mechanisms for validations of charges.
  • Risk in the context of fraud prevention. Consider monitoring and tracking risk events representing business rules, identity, and user trust in each banking channel.
  • 360º visibility of risks. Profile the risks in user activities considering the activities they perform in all the channels with which they interact.
  • Fraud changes and evolution. Evaluate the need to learn from the user activities and the context of the channel, product and/or service, vs. time-based learning. Consider capabilities in engines that facilitate fraud recognition, using supervised and unsupervised learning.
  • Base protection of channels and digital banking. Standardize the detection of and response to intrusions directed at the applications, infrastructure and/or network of the banking channels.
  • Secure transactions from end-to-end. Identify and monitor transactions in an integral manner, covering from the client’s request, the execution and status of those internal processes to respond to client needs, to the outcome of the resulting transaction. This will significantly facilitate the identification and response to attacks that occur within the infrastructure of the banking channels and/or through abuse of internal processes.
  • Integral Cybersecurity and Fraud Prevention Strategy. Take advantage of business, cybersecurity, and fraud prevention variables to plan and improve protection cases for banking channels.