Behind the Scenes of BBTok: Analyzing a Banker’s Server Side Components
released on 2023-09-25 @ 04:36:20 PM
Check Point Research recently discovered an active campaign deploying a new variant of the BBTok banker in Latin America. In the research, we highlight newly discovered infection chains that use a unique combination of Living off the Land Binaries (LOLBins). This results in low detection rates, even though the BBTok banker has been operating since at least 2020. As we analyzed the campaign, we came across some of the threat actor’s server-side resources used in the attacks, which targeted hundreds of users in Brazil and Mexico.