A critical vulnerability, CVE-2024-21182, affects Oracle WebLogic Server. Concurrently, the Grandoreiro banking trojan resurfaces, leveraging phishing campaigns to target banking customers in Europe and Latin America. This trojan is known for bypassing security measures using advanced DLL side-loading techniques, in which legitimate applications are abused to load and execute malicious payloads.
Researchers noted that Grandoreiro has adapted by using both web conferencing protocols for stealth and obfuscated Visual Basic scripts to deliver malware. Despite previous law enforcement efforts, the group remains active, prompting the need for improved endpoint defenses among financial organizations, including monitoring for unauthorized DLL modifications and enforcing strict application controls.