What is the Dark Tequila Threat?

Hello Zimbra Friends,

This blog post is to update you on the Dark Tequila malicious campaign and its possible impact on Zimbra users.

Dark Tequila is a complex, malicious campaign targeting Mexican users, with the primary purpose of stealing financial information and login credentials to popular websites (ranging from code versioning repositories to public file storage accounts and domain registrars).

There is not a vulnerability in Zimbra exploited by Dark Tequila. Instead, email services/clients like Zimbra are just one of the many things targeted by Dark Tequila.

The Dark Tequila malware and its supporting infrastructure are unusually sophisticated for a financial fraud operation. Here’s an excerpt from the original post (ref: https://securelist.com/dark-tequila-anejo/87528/) showing just some of the applications and services that are targeted for credential stealing:

“Module 3 – Keylogger and Windows Monitor. This is designed to steal credentials from a long list of online banking sites, as well as generic Cpanels, Plesk, online flight reservation systems, Microsoft Office365, IBM lotus notes clients, Zimbra email, Bitbucket, Amazon, GoDaddy, Register, Namecheap, Dropbox, Softlayer, Rackspace, and other services.”

Best practices for end-users to protect themselves from stolen credentials include:

  • Do not share or reuse passwords – use strong, unique passphrases on every service
  • Avoid phishing scams – don’t open suspicious emails, be wary of unexpected emails, verify links before clicking… be paranoid
  • Use multi-factor authentication
  • Use highly regarded antivirus software on every device you use

Dark Tequila remains active. It can be deployed in any part of the world, and it attacks any target intended by the threat actor who deploys it. Kaspersky Lab detects the campaign as Trojan.Win32.DarkTequila and Trojan.Win64.DarkTequila.

Please warn your end-users.

Best regards,

Your Zimbra Friends and Colleagues



Comments are closed.

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures