Greedy Sponge Targets Mexico with AllaKore RAT and SystemBC
Aug. 21, 2025, 8:25 p.m.
Description
A financially motivated threat group dubbed Greedy Sponge has been targeting Mexican organizations since 2021 with a modified version of AllaKore RAT and SystemBC malware. The group uses spear-phishing and drive-by downloads to deliver custom packaged installers containing the RAT. Recent updates include improved geofencing, more potent secondary infections, and enhanced credential-stealing capabilities. The AllaKore payload has been heavily modified to enable theft of banking credentials and authentication information. The group has shown consistent development of its tactics and techniques over time, demonstrating persistence and some level of operational success. Despite its longevity, the group is not considered highly advanced, focusing primarily on financial fraud against Mexican entities across various industries.
Tags
Date
- Created: Aug. 21, 2025, 4:16 p.m.
- Published: Aug. 21, 2025, 4:16 p.m.
- Modified: Aug. 21, 2025, 8:25 p.m.
Attack Patterns
- AllaKore RAT
- SystemBC
- Greedy Sponge
Additional Information
- Agriculture
- Retail
- Entertainment
- Transportation
- Finance
- Government
- Manufacturing
- Mexico