Mekotio collects the following information about its victims:
These windows are carefully designed to target Latin American banks and other financial institutions. As such, it attacks by displaying fake pop-up windows to its victims, trying to entice them to divulge sensitive information. Mekotio is a typical Latin American banking trojan that has been active since at least 2015. However, similar to Casbaneiro, these variants are practically impossible to separate from each other, so we will refer to them all as Mekotio. Based on its internal versioning, we believe there are multiple variants being developed simultaneously. As with many other Latin American banking trojans we have described earlier in this series, Mekotio has followed a rather chaotic development path, with its features being modified very often.