Grandoreiro Malware Campaign Hits Banks and Latin American Companies
ID: 12260aae-c946-59a6-b3f7-4a55c75dc06c
STIX ID: report--12260aae-c946-59a6-b3f7-4a55c75dc06c
Feed Name: Cyber Press
The Grandoreiro banking trojan has resurfaced in a phishing-driven campaign targeting banks and financial services across Portugal, Spain, Mexico and Latin America. Attackers use DLL side-loading and obfuscated VBS to drop Delphi payloads, abuse cloud services (Dropbox, Mediafire, Contabo, Google Cloud, AWS, Azure), and employ advanced anti-analysis and evasion techniques. Known IOCs include 162.33.177.150 and the domains uniaodownloadcnk.online and byethost.com.
