The notorious ‘Grandoreiro’ banking trojan was spotted in recent attacks targeting employees of a chemicals manufacturer in Spain and workers of automotive and machinery makers in Mexico.
The malware has been active in the wild since at least 2017 and remains one of the most significant threats of its kind for Spanish-speaking users.
The recent campaign, spotted by analysts at Zscaler, started in June 2022 and is still ongoing. It involves the deployment of a Grandoreiro malware variant with several new detection-evasion and anti-analysis features, as well as a revamped C2 system.
Source: Bleeping Computer