This is geo-targeted banking trojan, specially targeting countries,
Brazil, Chile, Mexico, Spain, Peru and Portugal. It will display a fake pop up security updates:
Then will install the trojans keylogger in your system, you can see below the flow of the attack and infection.
And it's typicial behavior:
- take screenshots
- manipulate windows
- simulate mouse and keyboard actions
- restart the machine
- restrict access to various banking websites and update itself
- steal bitcoins by replacing a bitcoin wallet in the clipboard
bitcoin address of the criminals
1PkVmYNiT6mobnDgq8M6YLXWqFraW2jdAk
159cFxcSSpup2D4NSZiuBXgsGfgxWCHppv
1H35EiMsXDeDJif2fTC98i81n4JBVFfru6
https://www.welivesecurity.com/2020/08/13/mekotio-these-arent-the-security-updates-youre-looking-for/
So again, we need to be very careful updating not just our banking software, but any softwares regardless if it is a desktop or mobile apps. Check everything before you click.