Interesting stuff, a banking trojan that doesn't use any code injection. The question is, can this be blocked via HIPS? In the article it's mentioned that it installs event hooks to monitor the browser. Isn't this related to global and window hooking? Also, keyboard and mouse simulation are other things that can be blocked.
BackSwap Malware Now Targets Six Banks in Spain August 22, 2018 https://securityintelligence.com/backswap-malware-now-targets-six-banks-in-spain/