Our new blog post provides details on their infection chain, with changes we've seen in the past year of the campaign. The blog post contains a lot of IoCs to help identify this threat, but if you want some YARA rules or need more information about it, feel free to message me!
It's over 9000! The number of infected IPs in Portugal in 2025... This group has been targeting Portuguese speakers with a banking trojan since at least 2019, and they just don't stop spamming.
https://t.co/VLeCzli324
🚀 Introducing #r2morph , a metamorphic binary transformation engine built on @radareorg + #r2pipe.
It applies semantic mutations (NOPs, instruction swaps, dead code, opaque predicates…) without breaking functionality.
🧠 Perfect for research on evasion, obfuscation & malware analysis.
🔗 https://t.co/pLh3k2qAwt
#malware #obfuscation #forensics #radare #radare2
Ever wanted to take another look at #OperationTriangulation malware? Then check out VirusTotal - we have uploaded malicious modules used in this campaign.
https://t.co/JmdHltd2Jd
https://t.co/fF4VAGfcdu
https://t.co/hULggfqQst
https://t.co/JmdHltd2Jd
We (@jcfg_ and I) just published an overview of the research we've done so far on #Pseudomanuscrypt at @BitSight
. It includes sample archeology, network protocol identification, DGA domains sinkholing and infection telemetry.
https://t.co/aozYIsLeOA
Check out my latest post on @BitSight’s blog about SystemBC which showcases some of the telemetry we have from infected systems.
https://t.co/Y7TWIa177F