"Spanish-Language Trojan Targets Many Industry Verticals"

Researchers discovered an ongoing spear-phishing campaign targeting organizations in Spanish-speaking countries such as Mexico and Spain that work in various industries, including automotive, chemical manufacturing, and more. According to Zscaler ThreatLabz, in the most recent campaign, which began in June 2022, researchers observed the notorious Grandoreiro banking Trojan impersonating Mexican government officials. The Grandoreiro Trojan, active since 2016, specifically targets users in Latin America, and victims are enticed to download and execute it through impersonation of the Attorney General's Office of Mexico City and the Public Ministry. In the most recent campaign, researchers observed attackers targeting industries in Mexico such as logistics, machinery, automotive, and civil and industrial construction. In Spain, attackers are targeting chemical manufacturing industries.

Grandoreiro is written in Delphi and employs techniques such as binary padding to inflate binaries, a CAPTCHA implementation for sandbox evasion, and command-and-control (C2) communication that uses LatentBot-like patterns. The campaign begins with a spear-phishing email written in Spanish, with an embedded link that redirects the victim to a website that downloads a malicious ZIP archive onto the victim's machine. This archive contains the Grandoreiro Trojan, which uses a PDF icon as a disguise to further lure victims into executing it. Execution results in the download, extraction, and launch of the final 400 MB "Grandoreiro" payload from a remote HFS server.

Researchers discovered two distinct types of phishing emails used in this campaign. The first set of phishing emails, observed in the first campaign, were those in which threat actors impersonated government officials and instructed victims to download and share the Provisional Archiving Resolution. This article continues to discuss the latest campaign involving the Grandoreiro banking Trojan.

InfoRiskToday reports "Grandoreiro Banking Trojan Impersonates Mexican Government Officials"

Submitted by Anonymous on