"Kaspersky Lab" revealed a new financial threat - the Trojan Mezzo, which can replace the details in the files of exchange between accounting and banking systems.
Mezzo is distributed with the help of third-party downloaders. After hitting the device, the Trojan creates a unique identifier for the infected computer - it creates a folder on the server of the attackers to store all the files found by the victim. Each of these folders is password protected.
The primary interest for Mezzo are represented by text files of popular accounting software created less than two minutes ago. The Trojan's functionality assumes that after discovering such documents, it waits for the opening of a dialog box for information exchange between the accounting system and the bank.
If this happens, the virus can substitute the account details in the file directly at the time of data transfer. Otherwise (if the dialog box is not opened) Mezzo replaces the entire file with a fake one.
Also, the analysis of the Mezzo code showed that it could be associated with another sensational Trojan hunting for the cryptocurrency, - CryptoShuffler. Kaspersky Lab's experts found that the Mezzo code and AlinaBot, which downloads CryptoShuffler, are identical to almost the last line. Apparently, for both viruses are the same virus writers, and, hence, their interest can also affect crypto-users.
At the moment, the virus sends merely information collected from the infected computer to the server of intruders, and, in the opinion of analysts, this may indicate that the creators of the Trojan are preparing for the future campaign. The number of victims of Mezzo is still small, with most of the infections recorded in Russia.
Recall, a few days ago, Kaspersky Lab revealed the details of the detected new phishing scheme, through which scammers try to steal cryptocurrency from users of Facebook.
Information Source: Kaspersky Lab