Threat actors are currently running a sophisticated cybercriminal campaign that leverages the new BBTok banking trojan to target Latin America. The attackers impersonate the interfaces of more than 40 Mexican and Brazilian banks to deceive victims into handing over 2FA codes and payment card details, which they then use to hijack bank accounts.
Reports state that the attackers built intricate infection chains capable of targeting multiple versions of Windows, widening the campaign's reach. They also use a distinctive combination of living-off-the-land binaries (LOLBins) to keep their malicious activity undetected for longer periods.
The BBTok operators deceive users in order to harvest the critical information that lets them hijack accounts.
The operators use interfaces that impersonate Mexican and Brazilian financial institutions. These fake interfaces are convincing enough to fool unsuspecting users into entering personal and sensitive financial information.
The actors typically aim to capture the security code, token number, or 2FA code for the victim's bank account. In some cases, victims enter their payment card numbers directly into these fraudulent interfaces, which makes the account takeover even easier for the threat actors.
BBTok has been infecting the Latin American region since 2020, when attackers first distributed it through fileless attacks. Its capabilities include enumerating and terminating processes, controlling the keyboard and mouse, altering clipboard contents, and the usual banking trojan functions.
The attackers' sophistication shows in this campaign: they have demonstrated that they can adapt and reuse their malware in other operations. They also employed advanced obfuscation techniques and used advanced geofencing to extend their attack range to other regions.
BBTok has evolved into malware that poses a significant threat to financial institutions. Its operators have also shown a mastery of impersonation techniques that can fool even the most careful users.
Individuals and organisations should remain vigilant, keep up with current trends in the cybercriminal landscape, and deploy strong cybersecurity solutions to prevent these threats from infecting their networks.