New Banking Trojan Target Organizations in Spain and Mexico

Share post:

Attackers are targeting organizations in Spain and Mexico with new Grandoreiro banking trojan. The attackers target the automotive, civil and industrial construction, logistics and machinery sectors via several infection chains in Mexico and chemicals manufacturing industries in Spain.

The attackers target these organizations via spear-phishing emails written in Spanish in order to induce the victims to click on a malicious link. The link retrieves a ZIP archive from which a loader is extracted. To run the trojan, the loader is used, which pretends to be a PDF file.

“This [loader] is responsible for downloading, extracting and executing the final 400MB ‘Grandoreiro’ payload from a Remote HFS server which further communicates with the [command-and-control] Server using traffic identical to LatentBot,” said Zscaler researcher Niraj Shivtarkar.

In addition to running the trojan, the loader also collects information, retrieves a list of installed antivirus solutions, cryptocurrency wallets, banking and email apps, and exfiltrates the information to a remote server.

Findings from security researchers suggest that Grandoreiro is rapidly evolving into sophisticated malware with novel anti-analysis properties that offers attackers full remote access and poses significant threats to employees and their organizations.

The sources for this piece include an article in TheHackerNews.

SUBSCRIBE NOW

Related articles

North Korean Job Scam Targeting IT Job Seekers

North Korea’s Lazarus advanced persistent threat (APT) group has launched a sophisticated campaign, “Operation 99,” targeting freelance software...

Hackers Exploit FastHTTP in High-Speed Microsoft 365 Attacks

Threat actors are employing the FastHTTP Go library to launch high-speed brute-force password attacks on Microsoft 365 accounts...

YouTubers Targeted As Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results

Attackers have found a new way to infect people seeking pirated or cracked software: planting malicious download links...

New macOS Malware Exploits Apple’s Security Features to Stay Hidden and Steal User Data

A newly discovered variant of the Banshee macOS Stealer malware is putting 100 million Apple users at risk...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways