The service, likely a rebrand of a previous operation called ‘Caffeine,’ mainly targets financial institutions in the Americas and EMEA and uses malicious QR codes and other advanced evasion tactics.
Source: htdarkreading.com