Kaspersky supports INTERPOL-coordinated action to disrupt Grandoreiro malware operation

According to conservative estimates, the banking trojan operators are believed to have defrauded victims of more than 3.5 million euros (more than PHP 214 million).

Kaspersky has assisted an INTERPOL-coordinated action, which has led to Brazilian authorities arresting five administrators behind a Grandoreiro banking trojan operation. According to conservative estimates, the banking trojan operators are believed to have defrauded victims of more than 3.5 million euros (more than PHP 214 million).

Grandoreiro is a banking trojan of Brazilian origin which, according to Kaspersky data, has been active since at least 2016. Attacks using Grandoreiro frequently start with a spear-phishing email written in Spanish, Portuguese or English. Once installed on a victim machine, the trojan tracks keyboard inputs, simulates mouse activity and shares screens, collecting data such as usernames, operating system information, device runtime and, most importantly, bank identifiers. With full control over victims’ bank accounts, criminals empty them, sending funds through a money mule network to launder the illicit proceeds.

The trojan has many versions, which might indicate that different operators are involved in the development of the malware, with Kaspersky experts having seen Grandoreiro operating as a Malware-as-a-Service (MaaS) project. The prolific banking malware targets more than 900 financial institutions in more than 40 countries in North and Latin America, and Europe. 

As part of the current joint effort, Kaspersky, along with INTERPOL’s other private partners, contributed to the analysis of Grandoreiro malware samples gathered by Brazilian and Spanish national cybercrime investigations between 2020 and 2022. In 2020-2022, Kaspersky products detected 150,000 attacks using the Grandoreiro banking trojan on 40,000 users worldwide. Brazil, Spain, Mexico, Portugal, Argentina, and the USA turned out to be the most affected countries.

As a result, by August 2023, analytical reports had been produced that identified overlaps between the samples, allowing investigators to close in on the organized crime group.

“We have been witnessing Grandoreiro’s campaigns since at least 2016. Over time, the attackers have been regularly improving techniques, striving to stay undetected and active for longer periods of time. In these circumstances, it is extremely important for financial institutions to stay vigilant while also improving their anti-fraud technologies and threat intelligence data. Greater synergy between private and public partners is also pivotal for combating such cybercrimes and ensuring a safer environment for users and organizations worldwide,” comments Fabio Assolini, head of the Latin American Global Research and Analysis Team (GReAT) at Kaspersky.

Emphasizing the importance of a collective approach, Craig Jones, Director of INTERPOL’s Cybercrime unit, said: “This operational success vividly underscores the importance of sharing intelligence through INTERPOL, and why we are committed to acting as a bridge between public and private sectors. It also sets the stage for further cooperation in the region.”

As trojan families, like Grandoreiro, have been actively expanding abroad, Kaspersky experts expect to see increased exploitation of mobile banking trojans. According to the company’s predictions for crimeware and financial threats in 2024, we might see Brazilian banking trojans trying to fill the void left by desktop banking trojans, with the resurgence of these trojans becoming one of the trends dominating the financial threat landscape this year.
