Operation CMDStealer: Financially Motivated Campaign Leverages CMD-Scripts and LOLBaS for Online Banking Theft in Portugal, Peru, and Mexico

An unknown, financially motivated threat actor, very likely from Brazil, is targeting Spanish- and Portuguese-speaking victims, with malicious LOLBaS tactics and CMB-based scripts to steal online banking access in Portugal, Mexico, and Peru.