Some Numando variants store these images in an encrypted ZIP archive inside their.

Characteristics

As with all the other Latin American banking trojans described in this series, Numando is written in Delphi and utilizes fake overlay windows to lure sensitive information out of its victims. Geographically, it focuses almost exclusively on Brazil with rare campaigns in Mexico and Spain. Even though it is not nearly as lively as Mekotio or Grandoreiro, it has been consistently used since we started tracking it, bringing interesting new techniques to the pool of Latin American banking trojans’ tricks, like using seemingly useless ZIP archives or bundling payloads with decoy BMP images. The threat actor behind this malware family has been active since at least 2018.

The (probably) penultimate post in our occasional series demystifying Latin American banking trojans.

Before concluding our series, there is one more LATAM banking trojan that deserves a closer look – Numando.