Connect with us

Hi, what are you looking for?

HEADLINES

Kaspersky supports INTERPOL-coordinated action to disrupt Grandoreiro malware operation

According to conservative estimates, the banking trojan operators are believed to have defrauded victims of more than 3.5 million euros (more than PHP 214 million).

Kaspersky has assisted an INTERPOL-coordinated action, which has led to Brazilian authorities arresting five administrators behind a Grandoreiro banking trojan operation. According to conservative estimates, the banking trojan operators are believed to have defrauded victims of more than 3.5 million euros (more than PHP 214 million).

Grandoreiro is a Brazil-originated banking trojan, which, according to Kaspersky data, has been active since at least 2016. Attacks using Grandoreiro frequently start with a spear-phishing email written in Spanish, Portuguese or English. Once installed on a victim machine, the trojan tracks keyboard inputs, simulates mouse activity, shares screens, collecting data such as usernames, operating system information, device runtime and, most importantly, bank identifiers. With full control over victims’ bank accounts, criminals empty them, sending funds through a money mule network to launder the illicit proceeds.

The trojan has many versions, which might indicate that different operators are involved in the development of the malware, with Kaspersky experts having seen Grandoreiro operating as a Malware-as-a-Service (MaaS) project. The prolific banking malware targets more than 900 financial institutions in more than 40 countries in North and Latin America, and Europe. 

As part of the current joint effort, Kaspersky along with INTERPOL’s other private partners contributed to the analysis of Grandoreiro malware samples, gathered by Brazilian and Spanish national cybercrime investigations between 2020 and 2022. In 2020-2022, Kaspersky products detected 150,000 attacks with the use of Grandoreiro banking trojan on 40,000 users worldwide. Brazil, Spain, Mexico, Portugal, Argentina, and the USA turned out to be the most affected countries.

As a result, by August 2023, analytical reports had been produced that had identified overlaps between the samples, allowing investigators to close in on the organized crime group.

Advertisement. Scroll to continue reading.

“We have been witnessing Grandoreiro’s campaigns since at least 2016. Over time, the attackers have been regularly improving techniques, striving to stay undetected and active for longer periods of time. In these circumstances, it is extremely important for financial institutions to stay vigilant while also improving their anti-fraud technologies and threat intelligence data. Greater synergy between private and public partners is also pivotal for combating against such cybercrimes and ensuring a safer environment for users and organizations worldwide,” comments Fabio Assolini, head of the Latin American Global Research and Analysis Team (GReAT) at Kaspersky.

Emphasizing the importance of a collective approach, Craig Jones, Director of INTERPOL’s Cybercrime unit, said: “This operational success vividly underscores the importance of sharing intelligence through INTERPOL, and why we are committed to acting as a bridge between public and private sectors. It also sets the stage for further cooperation in the region.”

As trojan families, like Grandoreiro, have been actively expanding abroad, Kaspersky experts expect to see increased exploitation of mobile banking trojans. According to the company’s predictions for crimeware and financial threats in 2024, we might see Brazilian banking trojans trying to fill the void left by desktop banking trojans, with the resurgence of these trojans becoming one of the trends dominating the financial threat landscape this year.

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

Kaspersky has been at the forefront of raising awareness about cybercrimes and empowering individuals and organizations to protect themselves.

HEADLINES

“We remind our customers to carefully inspect URLs before opening them. Criminals often use spellings very close to legitimate domains to deceive customers into...

HEADLINES

For the Philippines, PH-CERT and NADPOP estimate that the country needs 180,000 trained and validated cybersecurity professionals to proactively and effectively protect the country’s...

White Papers

46% of geo-distributed companies encountered network problems between one and three times per month, while 13% stated they experienced network challenges every week. The...

HEADLINES

“Data is the new oil. Cyber criminals steal personal information to defraud you or use your identity to victimize people close to you. Guard...

White Papers

According to the report, among organizations surveyed, 97% of those hit by ransomware over the past year engaged with law enforcement and/or official government...

HEADLINES

This development marks a major step forward in Globe's long-standing #PlayItRight advocacy to help promote and protect the country’s ₱1.6-trillion creative industry from the...

HEADLINES

Spoofing is a technique where fraudsters impersonate SMS channels to deceive recipients. The practice has seen a marked rise, especially in Metro Manila, with...

Advertisement