A new threat actor has been discovered to have been targeting Mexicans for at least five years with spyware. The group’s malware specifically targets banking details as well as other personal data and is spread through malicious emails in phishing and spear-phishing campaigns. The malware is also able to spread through network connections and even spread to USB drives where it can spread itself to other systems that the device is plugged into. The malware is also sophisticated enough to be able to recognize security environments such as sandboxes and delete all traces of itself. The malware contains keyloggers and scree monitoring that is capable of taking screenshots automatically. Based off of language and other key factors which indicate local knowledge have researchers believing that Dark Tequila are located in either Mexico or elsewhere in Latin or Central America.