Grandoreiro banking malware targets manufacturers in Spain, Mexico (Security News, August 2022)
The notorious 'Grandoreiro' banking trojan was spotted in recent attacks targeting employees of a chemicals manufacturer in Spain and workers of automotive and machinery makers in Mexico.
The campaign deploys a Grandoreiro variant with several new detection-evasion and anti-analysis features, as well as a revamped C2 system.
In one case highlighted by security analyst Ankit Anubhav on Twitter, Grandoreiro even requires the victim to solve a CAPTCHA before it will run, a further step aimed at defeating automated sandbox analysis, which has no human present to answer it.
Persistence across reboots is maintained by adding two new Registry keys that launch Grandoreiro at system startup.
One of the additions in the latest Grandoreiro variant sampled by Zscaler is a domain generation algorithm (DGA) for C2 communications, which makes mapping the malware's infrastructure and taking it down harder: the C2 domains are computed at runtime rather than hardcoded, so blocking or seizing any single domain does not cut the bots off from their operators.
Portuguese cybersecurity researcher Pedro Tavares first noted the commonalities between the two malware strains in 2020, but the assimilation of the C2 communication techniques into Grandoreiro's code was completed only recently.
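To make the DGA point concrete, here is an added, illustrative example (not Grandoreiro's actual algorithm and not code from the article or from Zscaler): a hypothetical date-seeded DGA of the kind banking trojans use, plus the defender's side of it. Once the algorithm and its seed constant have been recovered from a sample, a defender can pre-generate every candidate domain for a window of dates and match DNS logs against that set. The seed value, TLD list, label length and the DNS log lines are all constructed for the example.

```python
from __future__ import annotations

import hashlib
from datetime import date, timedelta

# Assumed values for the illustration; a real family hardcodes its own.
TLDS = ["com", "net", "org"]
LABEL_LEN = 12


def dga(day: date, seed: str, count: int = 5) -> list[str]:
    """Hypothetical date-seeded DGA.

    Bot and operator both derive the same `count` candidate domains from
    (calendar day, campaign seed). The operator registers any one of them;
    the bot tries them in order until one resolves. Nothing is hardcoded,
    so a takedown of today's domain does not affect tomorrow's set.
    """
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}:{day.isoformat()}:{i}".encode()).digest()
        # Map the first LABEL_LEN bytes onto a-z so the label looks like a hostname.
        label = "".join(chr(ord("a") + b % 26) for b in digest[:LABEL_LEN])
        tld = TLDS[digest[LABEL_LEN] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def precompute_blocklist(start: date, days: int, seed: str) -> set[str]:
    """Defender side: pre-generate every domain the bot could contact over
    `days` days starting at `start`, for a DNS blocklist or sinkhole."""
    out: set[str] = set()
    for offset in range(days):
        out.update(dga(start + timedelta(days=offset), seed))
    return out


def flag_queries(dns_log_lines: list[str], blocklist: set[str]) -> list[tuple[str, str, str]]:
    """Return (timestamp, host, qname) for queries that hit the precomputed DGA set.

    Expected line layout (constructed for this example): "<ts> <host> <qtype> <qname>".
    """
    hits = []
    for line in dns_log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # ignore malformed lines rather than crash on them
        ts, host, _qtype, qname = parts[:4]
        if qname.lower().rstrip(".") in blocklist:
            hits.append((ts, host, qname))
    return hits


SEED = "demo-seed"  # stands in for the per-campaign constant recovered from the sample

# Constructed DNS resolver log lines, not real telemetry. The second line is a
# query for the first candidate domain of 2022-08-15 under the demo seed.
SAMPLE_LOG = [
    "2022-08-15T10:01:02Z ws-0042 A update.microsoft.com",
    f"2022-08-15T10:01:07Z ws-0042 A {dga(date(2022, 8, 15), SEED)[0]}",
    "2022-08-15T10:02:11Z ws-0017 A login.live.com",
]

if __name__ == "__main__":
    # Cover the whole month around the campaign so late-arriving logs still match.
    blocklist = precompute_blocklist(date(2022, 8, 1), 31, SEED)
    print(f"{len(blocklist)} candidate domains precomputed")
    for ts, host, qname in flag_queries(SAMPLE_LOG, blocklist):
        print(f"DGA hit: {ts} {host} -> {qname}")
```

The asymmetry this shows is the reason DGAs complicate takedowns: the operator needs to register only one of each day's candidates, while a defender who has not reversed the algorithm sees a stream of unrelated-looking never-before-seen domains. Reversing it flips the advantage, which is why reports like Zscaler's document the generation scheme in detail.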
Related news
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack
- New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers