Home/News/SCMBANKER Malware Targets Mexican Banks Via ClickFix
The Hacker News2 min read

By Interestana AI Editorial — AI-drafted, human-overseen. How we report

SCMBANKER Malware Targets Mexican Banks Via ClickFix

SCMBANKER malware is actively targeting customers of Mexican banks, fintech companies, payment processors, and cryptocurrency exchanges, according to Elastic Security Labs. The threat actor group, tracked as REF6045, employs a sophisticated social engineering tactic using "ClickFix" lures to infect victims. These lures manifest as fake CAPTCHA verification pages, designed to trick users into believing they are completing a legitimate security check.

Upon interacting with these deceptive pages, victims are prompted to execute a malicious command. This command, when run, installs a PowerShell toolkit on the compromised system. This toolkit is the initial stage of the SCMBANKER malware infection, enabling further malicious activities. Elastic Security Labs has observed this campaign as a significant and ongoing threat to the Mexican financial sector, highlighting the evolving methods used by cybercriminals to exploit user trust and gain unauthorized access.

The primary objective of the SCMBANKER malware appears to be financial gain, through the theft of banking credentials and other sensitive financial information. The use of fake CAPTCHA pages is particularly insidious, as it leverages a common and often unquestioned element of online security to bypass user vigilance. The PowerShell toolkit deployed by the malware likely facilitates credential harvesting, keylogging, and potentially the exfiltration of data from infected devices. The campaign's focus on multiple types of financial entities suggests a broad attack strategy aimed at maximizing potential victim pools.

Elastic Security Labs' detailed tracking of this activity cluster, under the identifier REF6045, underscores the persistent and adaptive nature of cyber threats. The group's reliance on ClickFix lures and PowerShell-based tools indicates a methodical approach to malware deployment and execution. The ongoing nature of this campaign necessitates increased vigilance from financial institutions and their customers in Mexico to identify and mitigate these phishing and malware-based attacks. Further analysis by security researchers is expected to reveal more about the full capabilities and objectives of the SCMBANKER malware.

Original source — read the full reporting at the publisher:

Read on The Hacker News

Get the weekly AI digest

AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.

Read next