lab52

The threat intelligence division of S2 Grupo


Grandoreiro Stealer Targeting Spain and Latin America: Malware Analysis and Decryption Insights

April 04, 2025

A new campaign targeting Spain and Latin American countries, utilizing the Brazilian stealer Grandoreiro, was detected during March 2025. This report provides detailed insights into the malware’s behavior, along with an explanation of the string obfuscation and decryption techniques employed in this campaign. Grandoreiro is a Brazilian-origin stealer malware that has been active since […]


Mustang Panda’s PlugX new variant targeting Taiwanese government and diplomats

December 11, 2023

The Lab52 team has analysed a cyber campaign in which attackers deploy a new variant of the PlugX malware. Both the infection chain and the various artefacts used in the cyberattack share multiple similarities with the SmugX campaign, attributed to threat actors Red Delta and Mustang Panda, allegedly linked to the Chinese government. This time, […]


GuLoader as the Gatekeeper of AgentTesla: A Comprehensive Analysis

May 22, 2023

The malware team at Lab52 has a saying that our colleagues know well: “We want your malware”. On this occasion, the Threat Intelligence team gifted us a file that appeared to be a dropper. The file was already flagged by 15 antivirus engines on VirusTotal as malicious. Among the open files, the results of specific […]


Let’s talk about the malware used by Mustang Panda

May 05, 2023

In the last post, Lab52 covered Mustang Panda’s new campaign against Australia. Now it is time to talk about the malware used by the APT group Mustang Panda in said campaign. Indeed, the malware used to commit the attack is not entirely new; there are previous reports from TrendMicro and Talos where similar tactics and […]


Copyright © Lab52 2019 by S2 Grupo