SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users

Summary

A new banking fraud operation, dubbed REF6045 by Elastic Security Labs, is targeting Mexican banking users, fintech companies, payment processors, and cryptocurrency exchanges. The operation uses fake CAPTCHA verification pages as a lure, tricking victims into executing malicious commands that install a PowerShell toolkit.

IFF Assessment

FOE

This article describes a new banking fraud operation that targets financial institutions and users, posing a direct threat to defenders.

Defender Context

Defenders should be aware of this new banking fraud operation targeting Mexican financial institutions and their customers. Vigilance against sophisticated social engineering tactics like fake CAPTCHA pages and the use of PowerShell toolkits is crucial for preventing financial losses and protecting sensitive data.

Read Full Story →