Picus Labs has updated the Picus Threat Library with new attack methods for Krachulka, Lokorrito, Zumanek Trojans that are targeting banks in Brazil, Mexico, and Spain. In this blog, techniques used by these malware families will be explored. Banking trojans have a significant role in the cybercrime scene in Latin America. According to Eset, 11 different malware families that target banks in Spanish and Portuguese-speaking countries share TTPs, indicating that threat actors are cooperating on some level. For example, the same or similar custom encryption schemes are used by these malware families. In this blog, we will be focusing on 3 malware families called Krachulka, Lokorrito, and Zumanek. Let's start with Krachulka. As a spyware, it gathers classified information from infected systems without the consent of the user and sends gathered information to remote threat actors. Lokkorito and Zumanek act like a classic Remote Access Trojan (RAT). They go one step further than Krachul