Mexican organizations are being continuously targeted by threat actors using a modified AllaKore RAT and SystemBC malware to conduct financial fraud and establish remote access. The campaigns, attributed to the group Greedy Sponge, employ sophisticated delivery methods such as phishing, ZIP archives, and geofencing measures. #AllaKoreRAT #SystemBC #GreedySponge
Key points
- Threat actors use a modified AllaKore RAT to steal banking credentials from Mexican organizations.
- Attack campaigns rely on phishing or drive-by downloads that deliver ZIP archives containing malicious MSI files.
- Greedy Sponge has updated its tactics, moving its geofencing to the server side to evade analysis in Mexico.
- The malware can deploy secondary payloads such as SystemBC to create proxies and facilitate operations.
- Recent campaigns include using the Ghost Crypt crypter to deliver PureRAT and evade detection.
Read More: https://thehackernews.com/2025/07/credential-theft-and-remote-access.html