logo

Grandoreiro Malware Campaign Targets Europe and Latin America

ID: 53fef871-7a00-5e24-8cdd-83090fdced1f

STIX ID: report--53fef871-7a00-5e24-8cdd-83090fdced1f

Feed Name: WatchGuard Secplicity Blog

Threat Score
75/100

Date Published: 2026-05-26

Date Updated: 2026-06-21

Author: Euler Neto

...
...

Grandoreiro banking-trojan campaigns continue to actively target banks and financial services in Portugal, Spain, Mexico and Latin America using phishing to deliver DLL side-loading loaders (libwebp.dll, mingw10.dll, libffi-6.dll, libpng15.dll) and obfuscated VBS droppers; the malware leverages WebRTC/STUN/ICE, cloud services (Google Cloud, Azure, AWS, Binance API), anti-debugging and geofencing to evade detection while abusing legitimate hosting and file-sharing platforms.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.