The cybercriminal group behind the Grandoreiro banking trojan has re-emerged in a global campaign since March 2024, following a significant law enforcement takedown earlier this year. This large-scale phishing operation targets over 1,500 banks across more than 60 countries, spanning Central and South America, Africa, Europe, and the Indo-Pacific, according to IBM X-ForceIBM X-Force.
Originally focused on Latin America, Spain, and Portugal, Grandoreiro’s new campaign signifies a strategic shift after Brazilian authorities disrupted its infrastructure.
Despite a major takedown in January 2024, which saw the Brazilian Federal Police, Interpol, the Spanish National Police, ESET, and Caixa Bank dismantle the operation and arrest five individuals, the malware has returned with significant upgrades.
The phishing emails associated with Grandoreiro masquerade as urgent government payment requests, prompting recipients to click on links that download and execute malicious files.
Once installed, the trojan interacts with banking apps to facilitate fraudulent transactions, logs keystrokes and captures screenshots to steal banking credentials and sensitive data. It also allows remote system manipulation and file operations by threat actors.
A key enhancement in the latest vers
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: