Dark Tequila Banking Malware Uncovered After 5 Years

Banking Malware

Banking Malware

Banking malware has been decreasing in popularity among cybercrooks for a few years now, one of the reasons being that both anti-malware companies and web browser developers are continuously widening the scope of their protection mechanisms against banking Trojan attacks. This results in conventional banking malware fraud becoming more complicated to pull off every day, resulting in malware authors shifting their time and resources into developing easier-to-make and more profitable types of malware like ransomware, cryptominers, and cryptocurrency stealers.



Banking Malware



Dark Tequila Banking Malware Uncovered After 5 Years of Activity


Security researchers at Kaspersky Labs have uncovered a new, complex malware campaign that has been targeting customers of several Mexican banking institutions since at least 2013.

Dubbed Dark Tequila, the campaign delivers an advanced keylogger malware that managed to stay under the radar for five years due to its highly targeted nature and a few evasion techniques.

Dark Tequila has primarily been designed to steal victims’ financial information from a long list of online banking sites, as well as login credentials to popular websites, ranging from code versioning repositories to public file storage accounts and domain registrars.

The malware gets delivered to the victims’ computers in the first place either via spear-phishing or infected USB devices.

Once executed, a multi-stage payload infects the victim’s computer only after certain conditions are met, which includes checking if the infected computer has any antivirus or security suite installed or is running in an analysis environment.



Dark Tequila



The Dark Tequila Banking malware basically includes 6 primary modules, as follows:


  1. C&C – This part of the Banking malware manages communication between the infected computer and the command and control (C&C) server and also responsible for monitoring man-in-the-middle attacks to defend against malware analysis.
  2. CleanUp – While performing evasion techniques, if the banking malware detects any ‘suspicious’ activity—like running on a virtual machine or debugging tools—it performs a full cleanup of the infected system, removing the persistence service as well as forensic evidence of its presence.
  3. Keylogger – This module has been designed to monitor the system and logs keystrokes to steal login credentials for a preloaded list of websites—both banking as well as other popular sites.
  4. Information Stealer – This password stealing module extracts saved passwords from email and FTP clients, as well as browsers.
  5. The USB Infector – This module replicates itself and infects additional computers via USB drives. It copies an executable file to a removable drive that runs automatically when plugged to other systems.
  6. Service Watchdog – This module is responsible for making sure that the malware is running properly.


According to the researchers, the Dark Tequila banking malware campaign is still active and can be deployed in any part of the world to attack any target “according to the interests of the threat actor behind it.”

To protect yourself, you are recommended to always be vigilant of suspicious emails and keep a good antivirus solution to protect against such threats before they infect you or your network.

Most importantly, avoid connecting untrusted removable and USB devices to your computer, and consider disabling auto-run on USB devices.








Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Microsoft Azure Training in Hyderabad

Microsoft Azure Training in Bangalore

Microsoft Azure Training in Bhubaneswar

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Computer Forensic Training in Kolkata

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Testing training

Ethical Hacking  training

Internet Of Things Training

Internet Of Things Training Hyderabad

Internet Of Things Training in Bhubaneswar

Internet Of Things Training in Bangalore

Embedded System Training

Digital Marketing Training

Machine Learning Training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development  training

Secured Coding in Java

Certified Network Penetration Tester 

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 


Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Web Penetration Testing Company in Bangalore

Network Penetration Testing – NPT

Network Penetration Testing Service in Bangalore

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery


Other Location for Online Courses: