07 December 2023
Grandoreiro banking malware targets Mexico and Spain
Grandoreiro is a modular backdoor that supports the following capabilities:
- Keylogging
- Auto-Updation for newer versions and modules
- Web-Injects and restricting access to specific websites
- Command execution
- Manipulating windows
- Guiding the victim’s browser to a certain URL
- C2 Domain Generation via DGA (Domain Generation Algorithm)
- Imitating mouse and keyboard movements
The campaign began in June 2022 and is still ongoing, the attacks hit organizations in multiple industries, such as Automotive, Chemicals Manufacturing, and others. The threat actors behind this campaign impersonate Mexican Government Officials, the malware uses multiple anti-analysis techniques along with implementation of Captcha for evading Sandboxes.
Read more about it : here