Threat Group Cards: A Threat Actor Encyclopedia

Archived: 2026-04-05 16:22:59 UTC

Tool: Mekotio

Names: Mekotio, Metamorfo, Casbaneiro

Category: Malware

Type: Banking trojan, Reconnaissance, Backdoor, Keylogger, Info stealer, Credential stealer

Description: (ESET) As is common for most Latin American banking trojans, Mekotio has several typical backdoor capabilities. It can take screenshots, manipulate windows, simulate mouse and keyboard actions, restart the machine, restrict access to various banking websites and update itself. Some variants are also able to steal bitcoins by replacing a bitcoin wallet in the clipboard and to exfiltrate credentials stored by the Google Chrome browser. Interestingly, one command is apparently intended to cripple the victim’s machine by trying to remove all files and folders in C:\Windows tree.

Information: Malpedia

Last change to this tool card: 23 October 2024

All groups using tool Mekotio

Changed | Name | Country | Observed

Unknown groups
[ Interesting malware not linked to an actor yet ]

1 group listed (0 APT, 0 other, 1 unknown)

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a5c752a8-eefc-4ed1-9520-0e0ae67fa892