What Is Dark Tequila? Banking Malware Targets Amazon, GoDaddy and Dropbox Users

A sophisticated banking malware named after a shot of alcohol has been targeting Internet users in Mexico for around 5 years, according to a report by the Russian cybersecurity company Kaspersky Lab.

The Dark Tequila cyber campaign moves through a victim's computer while they are offline, stealing banking information and other personal data, according to the company.

"The Dark Tequila malware and its supporting infrastructure are unusually sophisticated for financial fraud operations. The threat is focused mainly on stealing financial information, but once inside a computer, it also siphons off credentials to other sites, including popular websites, harvesting business and personal email addresses, domain registers, file storage accounts and more, possibly to be sold or used in future operations," Kaspersky said in a statement.

"Examples include Zimbra email clients and the websites for Bitbucket, Amazon, GoDaddy, Network Solutions, Dropbox, RackSpace and others."

Participants attend cybersecurity company Kaspersky Lab’s Global Partner Conference 2018. The company released information this week on a new type of cyber campaign stealing banking information in Mexico. Ian Gavan/Getty Images

It is unclear exactly how many people have had their data compromised by Dark Tequila, which is spread primarily through infected USB sticks and phishing campaigns, but representatives of Kaspersky told Newsweek that it's likely there have been at least 100,000 victims since 2013.

"The total number of the victims since 2013 is not confirmed. However, speaking about 2018, we have confirmed more than 30,000 unique victims, and the number is growing. So, it's reasonable to believe that since 2013 there've been more than 100,000 victims or even more than that," Dmitry Bestuzhev, director of Kaspersky Lab's Global Research and Analysis Team in Latin America, told Newsweek.

The company's cybersecurity experts believe that the cyber campaign originated in Latin America because its code contains words in Spanish that are specific to the region. Phishing scams are one of the most common forms of cyberattack and are estimated to have successfully stolen millions of dollars from Fortune 500 companies.

Kaspersky Lab reports on cyber breaches and malware in order to promote its own cybersecurity software. The U.S. government has banned government agencies or contractors from using Kaspersky due to concerns that it might be compromised by the Russian government and could be used to gather intelligence on its users.

The Moscow-based company filed several lawsuits against the Department of Homeland Security in response to the ban, saying that it caused undue harm. The lawsuits were thrown out, however, in May 2018.
