New Grandoreiro Banking Malware Campaign Targeting Spanish Manufacturers
2022-08-20 16:33

Organizations in the Spanish-speaking nations of Mexico and Spain are in the crosshairs of a new campaign designed to deliver the Grandoreiro banking trojan.

"In this campaign, the threat actors impersonate government officials from the Attorney General's Office of Mexico City and from the Public Ministry in the form of spear-phishing emails in order to lure victims to download and execute 'Grandoreiro,' a prolific banking trojan that has been active since at least 2016, and that specifically targets users in Latin America," Zscaler said in a report.

"This [loader] is responsible for downloading, extracting and executing the final 400MB 'Grandoreiro' payload from a Remote HFS server which further communicates with the Server using traffic identical to LatentBot," Zscaler researcher Niraj Shivtarkar said.

Observed in the wild for at least six years, Grandoreiro is a modular backdoor with an array of functionalities that allows it to record keystrokes, execute arbitrary commands, mimic mouse and keyboard movements, restrict access to specific websites, auto-update itself, and establish persistence via a Windows Registry change.
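The persistence mechanism named above is a Windows Registry change, but the article does not say which key is modified. The following PowerShell script is an added example, not code from the article or from Zscaler's report: it audits the standard per-user and per-machine Run/RunOnce autorun keys and flags any entry that launches a program from a user-writable directory, which is the kind of baseline check a defender would run when hunting for registry-based persistence of this sort. The key list and the set of user-writable directories are assumptions chosen for the example, not Grandoreiro-specific indicators.

```powershell
# Added example (not from the article or the Zscaler report): audit the common
# Windows autorun registry keys and report entries that launch executables from
# user-writable directories. The article only states that the trojan persists via
# a registry change and does not name the key; the keys below are the standard
# Run/RunOnce locations, assumed here for illustration.

$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories an unprivileged user can write to. A logon-time launch from one of
# these is not proof of compromise, but it deserves review (assumed list).
$userWritable = @(
    $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:USERPROFILE, $env:PUBLIC
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

function Get-SuspiciousAutoruns {
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those.
            if ($p.Name -like 'PS*') { continue }
            $cmd = [string]$p.Value
            # Expand %VAR% references so the path comparison sees the real location.
            $expanded = [Environment]::ExpandEnvironmentVariables($cmd)
            $matchedDir = $userWritable | Where-Object { $expanded -like "*$_*" } | Select-Object -First 1
            if ($matchedDir) {
                [PSCustomObject]@{
                    Key    = $key
                    Name   = $p.Name
                    Value  = $cmd
                    Reason = "launches from user-writable directory $matchedDir"
                }
            }
        }
    }
}

# Usage: run from an elevated PowerShell session so HKLM entries are readable.
Get-SuspiciousAutoruns | Format-Table -AutoSize
```

The script reports findings for review rather than removing anything, because legitimate software also installs autoruns under a user's profile; the value of the check is in comparing its output against a known-good baseline for the host.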

The findings suggest that Grandoreiro is continuously evolving into a sophisticated piece of malware with novel anti-analysis characteristics, granting the attackers full remote access and posing a significant threat to employees and their organizations.

The development also comes a little over a year after Spanish law enforcement agencies, in July 2021, apprehended 16 individuals belonging to a criminal network in connection with the operation of Mekotio and Grandoreiro.

News URL

https://thehackernews.com/2022/08/new-grandoreiro-banking-malware.html