Dark Tequila, which causes more than just a bad hangover, is a malware campaign targeting Mexican users. Even though researchers from Kaspersky Lab only just announced it, Dark Tequila is believed to have been active since 2013. So no, it’s probably not related to the evil plan of building a certain wall.
Its primary purpose is to steal financial information, as well as login credentials to popular websites like Dropbox, Amazon, GoDaddy, and other services.
The malware spreads to victims via spear-phishing emails* and infected USB devices. So please practice safe cyberspace living. In other words, do not click on links unless you have verified their authenticity and do not insert your USB drive into any computer you have not dated for at least a year.
Dark Tequila and its supporting infrastructure are “unusually sophisticated” for a financial fraud scheme, the researchers say. The payload* is delivered onto an endpoint only if certain technical conditions are met: if the malware detects a security solution or network monitoring activity, it aborts the infection. That is one more reason to keep antivirus on ALL the computers connected to your network, but it is not a guarantee. The check exists to keep the malware away from researchers and sandboxes, not to spare protected users, and a variant that skips it would not be stopped by the check alone. Antivirus lowers your risk here; the rest of the advice below still applies.
Researchers revealed that, even though Dark Tequila has targeted customers of several Mexican banking institutions and contains code comments written in Spanish, it is designed to be deployable anywhere in the world.
What can you do? Make sure all computers in your network are protected with an antivirus, disable AutoRun and AutoPlay for USB devices, and avoid connecting unknown USB sticks to your computer.
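For the USB part of that advice, here is an added example (not from the original post, and not Beta Brain’s own tooling) of how an administrator can switch off AutoRun and AutoPlay on a Windows endpoint and then audit the result. It assumes an elevated PowerShell session on Windows 7 or later; the registry values it writes are the documented Explorer policy values NoDriveTypeAutoRun (0xFF disables AutoRun for every drive type), NoAutorun (1 makes Windows ignore autorun.inf) and DisableAutoplay (1 suppresses the AutoPlay prompt for the current user). The function names are this example’s own.

```powershell
# Added example (not from the original post): disable AutoRun/AutoPlay so an inserted USB
# stick cannot launch code automatically, then audit the endpoint.
# Assumes Windows 7 or later and an elevated (administrator) session for the HKLM keys.

$PolicyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',  # machine-wide policy
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'   # current-user policy
)
$AutoplayPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'

function Get-AutoRunState {
    # One row per policy path showing the current (possibly weak or unset) values.
    foreach ($p in $PolicyPaths) {
        $v = Get-ItemProperty -Path $p -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path               = $p
            NoDriveTypeAutoRun = $(if ($null -ne $v.NoDriveTypeAutoRun) { '0x{0:X2}' -f $v.NoDriveTypeAutoRun } else { '(not set)' })
            NoAutorun          = $(if ($null -ne $v.NoAutorun) { $v.NoAutorun } else { '(not set)' })
        }
    }
}

function Set-AutoRunDisabled {
    foreach ($p in $PolicyPaths) {
        if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
        # 0xFF sets every drive-type bit: AutoRun off for removable, fixed, network and CD/DVD drives.
        Set-ItemProperty -Path $p -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
        # 1: autorun.inf is ignored entirely, even if another setting tries to re-enable AutoRun.
        Set-ItemProperty -Path $p -Name 'NoAutorun' -Value 1 -Type DWord
    }
    if (-not (Test-Path $AutoplayPath)) { New-Item -Path $AutoplayPath -Force | Out-Null }
    # 1: no AutoPlay prompt, so a user cannot be nudged into "Open folder / Run program" on insert.
    Set-ItemProperty -Path $AutoplayPath -Name 'DisableAutoplay' -Value 1 -Type DWord
}

function Test-AutoRunDisabled {
    # $true only when every policy path carries both hardened values and AutoPlay is off;
    # usable as a compliance check across a fleet.
    $ok = $true
    foreach ($p in $PolicyPaths) {
        $v = Get-ItemProperty -Path $p -ErrorAction SilentlyContinue
        if ($v.NoDriveTypeAutoRun -ne 0xFF -or $v.NoAutorun -ne 1) { $ok = $false }
    }
    $a = Get-ItemProperty -Path $AutoplayPath -ErrorAction SilentlyContinue
    if ($a.DisableAutoplay -ne 1) { $ok = $false }
    return $ok
}

'Before:'; Get-AutoRunState | Format-Table -AutoSize
Set-AutoRunDisabled
'After:';  Get-AutoRunState | Format-Table -AutoSize
if (Test-AutoRunDisabled) { 'AutoRun and AutoPlay are disabled on this endpoint.' }
else { 'Hardening incomplete; check that the session is elevated and no Group Policy overrides these values.' }
```

Two caveats. First, these are per-machine registry edits; on a domain the same settings belong in a Group Policy object (the “Turn off Autoplay” and “Set the default behavior for AutoRun” policies) so they are enforced everywhere and cannot be undone locally. Second, disabling AutoRun stops the automatic launch, not the user: a booby-trapped shortcut or document on the stick still runs if someone double-clicks it, which is why the “unknown USB sticks” rule stays in force.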
If you are a Beta Brain client, just keep calm and have a beer!
*For your employees’ convenience, in case you want to share this post with them, here is an excerpt from Beta Brain’s dictionary of technical terms:
Spear phishing: an email or electronic communications scam targeted towards a specific individual, organization or business intended to steal data or to install malware on a targeted user’s computer. The apparent source of the email is likely to be an individual within the recipient’s own company or from someone the target knows personally.
Payload: the portion of the malware that performs the malicious action.