A legitimate binary for creating shortcut keys in Windows is being used to help the malware sneak past defenses. Metamorfo banking trojan is abusing AutoHotKey (AHK) and the AHK compiler to evade detection and steal users information. The malware is targeting Spanish-language users using two separate emails as an initial infection vector. When a victim opens one of the targeted banking pages, it overlays it with a fake version of the webpage designed to harvest credentials. The trojan monitors browser activity looking for targeted banks, which are listed in the process memory.
Source: https://threatpost.com/metamorfo-banking-trojan-autohotkey/164735/