Grandoreiro Malware Campaign Targets Europe and Latin America
ID: 53fef871-7a00-5e24-8cdd-83090fdced1f
STIX ID: report--53fef871-7a00-5e24-8cdd-83090fdced1f
Feed Name: WatchGuard Secplicity Blog
Grandoreiro banking-trojan campaigns continue to actively target banks and financial services in Portugal, Spain, Mexico and Latin America using phishing to deliver DLL side-loading loaders (libwebp.dll, mingw10.dll, libffi-6.dll, libpng15.dll) and obfuscated VBS droppers; the malware leverages WebRTC/STUN/ICE, cloud services (Google Cloud, Azure, AWS, Binance API), anti-debugging and geofencing to evade detection while abusing legitimate hosting and file-sharing platforms.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
