Security News > 2022 > August > Grandoreiro banking malware targets manufacturers in Spain, Mexico
The notorious 'Grandoreiro' banking trojan was spotted in recent attacks targeting employees of a chemicals manufacturer in Spain and workers of automotive and machinery makers in Mexico.
It involves the deployment of a Grandoreiro malware variant featuring several new features to evade detection and anti-analysis, as well as a revamped C2 system.
In one case highlighted by security analyst Ankit Anubhav on Twitter, Grandoreiro even asks the victim to solve a CAPTCHA to run on the system, which is another attempt to evade analysis.
Finally, persistence between reboots is maintained by adding two new Registry keys, setting Grandoreiro to launch at system startup.
One of the new additions in the latest Grandoreiro variant sampled by Zscaler is the use of DGA for C2 communications, which makes mapping the malware's infrastructure and taking it down challenging.
Portuguese cybersecurity blogger Pedro Taveres first spotted the commonalities between the two malware strains in 2020, but the assimilation of the C2 communication techniques into Grandoreiro's code was completed only recently.