A new campaign targeting Spain and Latin American countries, utilizing the Brazilian stealer Grandoreiro, was detected during March 2025. This report provides detailed insights into the malware’s behavior, along with an explanation of the string obfuscation and decryption techniques employed in this campaign. Grandoreiro Grandoreiro is a Brazilian-origin stealer malware that has been active since […]
phishing
New invitation from APT29 to use CCleaner
Last month of May we were talking about the new APT29 campaign that we called “Information”. Recently, just a week ago, an unknown actor used similar techniques to APT29. This time APT29 is once again the focus after new techniques were identified in their operations. This post details the new techniques observed, in particular: SVG […]
Very very lazy Lazyscripter’s scripts: double compromise in a single obfuscation
In July of 2021, we identified an infection campaign targeting important European entities. During this investigation we could identify the threat actor behind these attacks as LazyScripter, an emerging APT group pointed by MalwareBytes in February 2021. Through our analysis, we could track their activity with precise dates in 2021 based on their samples. Furthermore, […]