Mekotio: the virus that mimics security alerts

Last update March 20, 2023 at 01:12 am

One type of virus mimics windows security alerts in order to attack their targets. This is Mekotio, a trojan horse from Latin America.

In this article we are going to use a lot of terms that you may not understand. To update you, we recommend the Guide to all you need to know about computer viruses. This passionately written post will help you learn more about computer viruses. We continue the post with Mekotio, a virus with a rather unique mode of operation.


[bctt tweet=”Mekotio: the virus that mimics security alerts” username=”tedidevblog”]




What is the Mekotio virus?


What is the Mekotio virus
Image taken from


Mekotio is a trojan horse virus whose main targets are banking infrastructures. This virus born in the years 2015 mainly attacks the countries of Latin America. You run the risk of having a machine infected with the virus if you live in Brazil, Chile, Mexico, Spain, Peru, and Portugal.

There are several variants of the Mekotio virus. But the majority of these viruses share some common characteristics.




Features of Mekotio

Mekotio is a banking trojan who has been active since 2015 in Latin America, the country of origin. To attack its victims, the virus displays a fake windows dialog prompting them to disclose sensitive information. The window created by the virus is specially designed to trap individuals working in financial institutions and banks in Latin America. To recognize the virus, all you have to do is see a window like this appear on your machine.




The damage that the Mekotio virus can cause

The dangerousness of the virus lies in its ability to collect very sensitive information and create new vulnerabilities in the victim's computer that will allow him to attack the machine more easily.

The data collected by Mekotio is often detailed information on the security level of the victim's pc. This information ranges from the configuration of the firewall to the list of anti-malware installed in the machine. It can also collect information about the version of windows installed in the machine.

When all the necessary information is collected, the virus can proceed to the next attack which consists of taking screenshots, manipulating the window, simulating the actions of the mouse and the keyboard. The victim's machine can be controlled to the point of forcing restart of the victim's machine or denying access to other banking websites. The virus is able to update itself.

Although the Mekotio virus primarily targets banking institutions and Latin Americano banks, there are variants that specialize in stealing Bitcoins from users.



Last update March 20, 2023 at 01:12 am



This is the second article of the day which talks about cybersecurity. You may be interested in Amazon: a flaw allows the hacker to hack your bank account et Docker: A cybercriminal runs a malicious image directly on the host.