Trojan

Mekotio

First seen: 2015 • Status: active

Currently Active Threat

Mekotio tricks people in Latin America with fake banking pop-ups that steal their real login information.

Overview

Mekotio is a banking trojan from Latin America that uses overlay attacks. It targets Spanish and Portuguese-speaking countries with sophisticated social engineering.

Also Known As

Metamorfo

How It Spreads

  • Tax-themed phishing
  • Malicious MSI files
  • Fake government emails

What It Does

  • Banking overlay attacks
  • Clipboard hijacking
  • Bitcoin address replacement
  • Screenshot capture

Target Platforms

Windows

Detection Tips

  • Monitor for overlay attack indicators
  • Check for clipboard monitoring
  • Analyze tax-related phishing
  • Review MSI execution

MITRE ATT&CK Techniques

T1566, T1185, T1115, T1113

If You're Infected

  1. Remove Mekotio
  2. Reset banking credentials
  3. Check cryptocurrency transactions
  4. Contact financial institutions

Related Malware

Grandoreiro, Chaes, Casbaneiro
