Blackberry Alerts Mexican Crypto Exchanges of Ongoing Cyber Threat

Blackberry's research division has alerted Mexican cryptocurrency exchanges and banks to an ongoing cyber threat targeting high-net-worth entities. The attacker uses an open-source remote access tool called AllaKore RAT to steal sensitive user information.

Blackberry, the former cellphone market leader, has issued a warning regarding a financially motivated cyber attacker targeting high-net-worth Mexican cryptocurrency exchanges and banks. The attack identified by Blackberry's research and intelligence division aims to steal sensitive user information from banks and crypto trading services using an open-source remote access tool called AllaKore RAT.

Attack Details

The threat seeks to install AllaKore RAT on company-run computers and databases, often evading suspicion by masquerading as official software. The attackers primarily target large companies with gross revenues exceeding $100 million, which report directly to the Mexican Social Security Institute (IMSS).

Most of the attacks have been traced back to Mexican Starlink IP addresses, indicating a local source. The use of Spanish-language instructions in the modified RAT payload led Blackberry to conclude that the threat actor is based in Latin America.

Newer versions of AllaKore RAT use a more complex installation process, with the software delivered in a Microsoft software installer (MSI) file. The payload executes only if the victim's location is confirmed as Mexico.

Diverse Targets

While large banks and crypto trading services have been the primary targets, the threat extends beyond these sectors. Large Mexican corporations in various industries, including retail, agriculture, public sector, manufacturing, transportation, commercial services, and capital goods, have also been targeted using the same method.

Rising Phishing Attacks

Phishing attacks, especially those involving basic techniques, have been on the rise in the crypto industry, with an increasing success rate in stealing funds. In a recent incident, contact information for nearly 66,000 users of hardware wallet manufacturer Trezor was leaked due to a security breach. Some users received direct email messages from attackers requesting sensitive information about their recovery seeds.

Crypto investors are advised to exercise caution and avoid sharing sensitive information unless it can be verified, given the numerous data leaks occurring across the crypto ecosystem.