Mexican cryptocurrency exchanges under attack from hackers, claims BlackBerry

Criminals are using AllaKore RAT to access company databases and computers

BlackBerry’s research and intelligence division recently identified cyber attackers targeting multiple prominent Mexican banks and crypto exchanges, and issued a warning about them.

The report describes an attack that tried to steal sensitive user data from banks and crypto trading services using AllaKore RAT, an open-source remote access tool. The attackers attempt to install the tool on company databases and computers, often avoiding detection by hiding behind official links and naming schemes.

“The AllaKore RAT payload is heavily modified to allow the threat actors to send stolen banking credentials and unique authentication information back to a command-and-control (C2) server for the purposes of financial fraud,” reads the report.

The pattern of attacks implies that the hackers mainly target large firms with more than $100 million in gross revenues. BlackBerry noted that these companies report directly to the Mexican Social Security Institute (IMSS).

The majority of attacks were traced to Mexico Starlink IP addresses, and based on the use of Spanish-language instructions in the RAT system, BlackBerry deduced that the hackers must be based in Latin America.

However, the threat is not restricted to big banks and crypto trading firms. Hackers have used the same strategy to target other large Mexican corporations in sectors including agriculture, retail, public sector, transportation, manufacturing, capital goods and commercial services.

At the time of reporting, at least 41 users said the attackers had sent them direct email messages soliciting sensitive details about their recovery seeds. Given the number of data breaches across the crypto ecosystem, investors are urged not to share sensitive data unless the request is confirmed.