Danger level 6
Type: Keyloggers
Common infection symptoms:
  • Can't be uninstalled via Control Panel
  • Installs itself without permissions
  • Connects to the internet without permission

Dark Tequila

A dangerous malicious application has been uncovered recently. Dubbed Dark Tequila, the infection was developed primarily to steal financial information and credentials, so it has been categorized as extremely dangerous malware. According to specialists who have analyzed this infection, it most likely targets Mexican users only, because it checks the affected computer’s IP address and immediately deletes itself if it finds that the victim’s geographic location is not Mexico. Do you suspect that Dark Tequila has infiltrated your computer? Finding out whether it is present is not a piece of cake: researchers have noticed that this malicious application uses a few sophisticated evasion techniques that allow it to stay undetected. In other words, this threat tries hard to avoid being removed from the affected computer. Luckily, that does not mean there is nothing you can do to get rid of it. Although Dark Tequila is not easy to detect, it is quite easy to delete because it does not have many components. You will find more information about Dark Tequila removal in the last paragraph of this report, so please read it to the end.

Dark Tequila is not exactly a new malicious application. It has been detected only recently, but it seems to have been active since 2013. In a general sense, Dark Tequila is all about stealing sensitive data. Research carried out by malware analysts has clearly shown that it primarily tries to steal financial information from banking websites. Additionally, it tries to obtain login credentials. It targets a range of websites and services, including Amazon, Dropbox, Cpanels, Microsoft Office 365, Zimbra email, and others. If it turns out that Dark Tequila is active on your system, you should not use these services until you remove the threat, because it might obtain private data and your credentials in the blink of an eye. In other words, the infection acts as a keylogger. Needless to say, this might result in hacked accounts and privacy-related problems.

Dark Tequila is quite a unique threat in the sense that it consists of 6 different modules. The first module communicates with the C&C server. The second one is responsible for detecting suspicious activity. For example, if it turns out that it runs on a virtual machine, it removes itself fully right away. The third module monitors keystrokes. In other words, it is all about stealing login credentials. The fourth module steals passwords from browsers, FTP clients, and emails. The fifth one injects itself into USB drives attached to affected computers. Finally, the sixth module monitors how the malware acts; specifically, it has to make sure that Dark Tequila works properly. As you can see, Dark Tequila is quite a sophisticated threat. Luckily, its removal is not very problematic. Still, you cannot ignore its presence if it turns out that you have it on your PC.

How Dark Tequila is distributed is no secret either. First, it can be distributed via phishing emails. Second, it might travel via compromised USB drives. Dark Tequila copies itself to an attached USB flash drive upon installation to make sure it can spread further and affect more computers. In other words, it can replicate itself like a worm. Dark Tequila is no doubt a serious threat, but, believe us, it is not the only harmful malicious application you can encounter. Hundreds of sophisticated threats are available, but, luckily, there is one simple way to prevent malware from entering the system. You just need to install an automated antimalware tool on your computer.

Delete Dark Tequila right away if you ever find out that you have it installed on your computer. The longer you wait, the more information it might steal from you. To delete this threat fully, you just need to erase one file and then check your USB flash drive if it was attached to your PC. The malicious application could have dropped three files on it. Alternatively, the malicious application can be erased automatically using a powerful antimalware tool.

Delete Dark Tequila

  1. Open Windows Explorer.
  2. Access %WINDIR% (type the directory in the address bar and press Enter).
  3. Delete csrss.dll.
  4. Delete the following files from your USB flash drive: :\autorun.exe, :\pictures.exe, and :\autorun.inf.
  5. Empty Trash.
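
The check below is an added example, not part of the original guide: a read-only PowerShell script that looks for the files named in steps 3 and 4 and records their size, timestamp and SHA-256 before you delete anything. It assumes the USB drive is plugged in and reported by Windows as a removable disk; the variable names are illustrative.

```powershell
# Added example: read-only check for the files listed in the removal steps.
# Nothing is deleted; the script only reports what it finds.

$findings = @()

# Step 3: csrss.dll directly under %WINDIR%
$dllPath = Join-Path $env:WINDIR 'csrss.dll'
if (Test-Path -LiteralPath $dllPath -PathType Leaf) {
    $findings += Get-Item -LiteralPath $dllPath -Force
}

# Step 4: the three files at the root of each removable drive
$usbNames = 'autorun.exe', 'pictures.exe', 'autorun.inf'

# DriveType 2 is "Removable Disk" in Win32_LogicalDisk
$removable = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2'

foreach ($drive in $removable) {
    $root = $drive.DeviceID + '\'          # e.g. "E:\"
    foreach ($name in $usbNames) {
        $candidate = Join-Path $root $name
        if (Test-Path -LiteralPath $candidate -PathType Leaf) {
            # -Force so hidden or system-flagged files are returned too
            $findings += Get-Item -LiteralPath $candidate -Force
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the files listed in the removal steps were found.'
}
else {
    # Record metadata and a hash for each hit before removing it
    $findings | ForEach-Object {
        [pscustomobject]@{
            Path     = $_.FullName
            Size     = $_.Length
            Modified = $_.LastWriteTime
            SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Format-List
}
```

Some vendor-supplied USB drives ship with a legitimate autorun.inf, so review the listing rather than deleting on name alone.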