Hackers Use Grandoreiro Malware to Target Portuguese Banks and Latin American Companies
ID: 44d607b4-b953-58cc-9d1f-8cbd6858cd6f
STIX ID: report--44d607b4-b953-58cc-9d1f-8cbd6858cd6f
Feed Name: cybersecurityNews.com
The report describes resurgent Grandoreiro banking-trojan campaigns that use phishing to deliver malicious DLL side-loading payloads and obfuscated VBS. The campaigns leverage cloud platforms (Google Cloud, Microsoft Azure, Amazon) and geofenced fake pages to blend in and evade detection. The malware performs credential theft, keylogging and banking overlays against banks and businesses across Portugal, Spain, Mexico and Latin America. The report includes IoCs and detection/mitigation guidance.
