Specialists from Kaspersky Lab, the biggest cybersecurity company in Russia, have spotted a new Trojan called Mezzo, which was specially developed to hunt for "real," conventional money as well as cryptocurrencies, the company’s press release states.
Mezzo can falsify data in exchange files between accounting and banking systems and is currently sending information obtained from an infected computer to the criminals’ servers. Analysts say that this may be a signal that the Trojan’s creators are getting ready for an upcoming campaign to steal the money.
Not many computers have been infected by Mezzo so far, but all of them have proved to be in Russia. The virus spreads with the help of external loading programs. Once on a device, the Trojan creates a unique identification code for the infected computer, which is then used to create a password-protected folder on the hackers' server to store all the files stolen from the victim's computer.
Mezzo is primarily interested in text files of popular accounting software that were created less than two minutes earlier. When it spots such a file, the Trojan waits for a dialogue window to open for the data exchange between the bank and the accounting system. If this happens, it can replace the account details at the very moment the exchange takes place. Voila! Your money is sent to the criminals. If no dialogue window opens, Mezzo can even falsify the whole file.
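Because the substitution happens in the exchange file between export and bank import, one defensive check is to compare the file about to be uploaded with a reference taken at export time. The sketch below is an added example, not code from Kaspersky Lab or any accounting product: the key=value file layout, the field names and the function names are hypothetical, and it assumes the reference digest and order data come from the accounting system's own records rather than from the file on disk.

```python
import hashlib

# Constructed sample: a simplified key=value payment export. Field names are
# hypothetical and do not reproduce any real accounting product's format.
EXPORTED = (
    "DocStart=PaymentOrder\n"
    "Number=118\n"
    "Amount=250000.00\n"
    "PayeeName=Supplier LLC\n"
    "PayeeAccount=40702810000000000001\n"
    "DocEnd\n"
)
# The same file after the payee account was swapped on disk (constructed).
TAMPERED = EXPORTED.replace("40702810000000000001", "40702810999999999999")

def digest(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def parse_orders(text):
    """Return {order number: {field: value}} for each payment order."""
    orders, current = {}, None
    for line in text.splitlines():
        key, _, value = line.partition("=")
        if key == "DocStart":
            current = {}
        elif key == "DocEnd" and current is not None:
            orders[current.get("Number", "?")] = current
            current = None
        elif current is not None and key:
            current[key] = value
    return orders

def verify_before_upload(ref_digest, ref_orders, file_text):
    """List (order, field, expected, found) differences; [] means unchanged."""
    if digest(file_text) == ref_digest:
        return []
    found, findings = parse_orders(file_text), []
    for number in sorted(ref_orders.keys() | found.keys()):
        before, after = ref_orders.get(number, {}), found.get(number, {})
        for field in sorted(before.keys() | after.keys()):
            if before.get(field) != after.get(field):
                findings.append((number, field, before.get(field), after.get(field)))
    # Digest mismatch with no field-level change still blocks the upload.
    return findings or [("*", "raw file", ref_digest, digest(file_text))]

if __name__ == "__main__":
    reference = (digest(EXPORTED), parse_orders(EXPORTED))
    for finding in verify_before_upload(*reference, TAMPERED):
        print("BLOCK UPLOAD:", finding)
```

The check is only as trustworthy as the reference: if the digest is computed on the same workstation from the same file, a Trojan that rewrites the file can invalidate it.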
"Analysis of the Mezzo code has shown that the virus can be linked to another much talked about Trojan, which is hunting for cryptocurrencies, the so-called CryptoShuffler. Kaspersky Lab experts have discovered that the Mezzo code and that of AlinaBot, which loads CryptoShuffler, are identical to the very last line. The codes of both viruses have obviously been written by the same virus programmers, thus they may be also interested in users' crypto-wallets," the company noted.
Sergei Yunakovsky, an antivirus expert with Kaspersky Lab, pointed out that with the help of a similar Trojan virus called TwoBee, which the company detected about a year ago, perpetrators managed to snatch over 200 million rubles from Russian companies.
Mezzo differs in that it employs a simpler algorithm to search for and check the files it is interested in. It is highly probable that its functionality is not limited solely to accounting programs, as viruses are known to increasingly employ multiple different modules and functions.
Founded in 1997, Kaspersky Lab is a multinational cybersecurity and anti-virus provider based in Moscow, Russia and operated by a holding company in the United Kingdom. It develops and sells cybersecurity software, boasting about 400 million clients around the world, and is the leading anti-virus solution in Europe.