New Banking Trojan Target Organizations in Spain and Mexico

August 22, 2022

Attackers are targeting organizations in Spain and Mexico with new Grandoreiro banking trojan. The attackers target the automotive, civil and industrial construction, logistics and machinery sectors via several infection chains in Mexico and chemicals manufacturing industries in Spain.

The attackers target these organizations via spear-phishing emails written in Spanish in order to induce the victims to click on a malicious link. The link retrieves a ZIP archive from which a loader is extracted. To run the trojan, the loader is used, which pretends to be a PDF file.

“This [loader] is responsible for downloading, extracting and executing the final 400MB ‘Grandoreiro’ payload from a Remote HFS server which further communicates with the [command-and-control] Server using traffic identical to LatentBot,” said Zscaler researcher Niraj Shivtarkar.

In addition to running the trojan, the loader also collects information, retrieves a list of installed antivirus solutions, cryptocurrency wallets, banking and email apps, and exfiltrates the information to a remote server.

Findings from security researchers suggest that Grandoreiro is rapidly evolving into sophisticated malware with novel anti-analysis properties that offers attackers full remote access and poses significant threats to employees and their organizations.

The sources for this piece include an article in TheHackerNews.

Top Stories

Related Articles

June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta more...

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

May 11, 2026 Instructure has restored access to its Canvas learning platform after a cyberattack disrupted service for universities and more...

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn