A financially motivated threat group dubbed Greedy Sponge has been targeting Mexican organizations since 2021 with a modified version of AllaKore RAT and SystemBC malware. The group uses spear-phishing and drive-by downloads to deliver custom packaged installers containing the RAT. Recent updates include improved geofencing, more potent secondary infections, and enhanced credential stealing capabilities. The AllaKore payload has been heavily modified to enable theft of banking credentials and authentication information. The group has shown consistent development of their tactics and techniques over time, demonstrating persistence and some level of operational success. Despite their longevity, they are not considered highly advanced, focusing primarily on financial fraud against Mexican entities across various industries.