May 19, 2024 at 04:18AM
The Grandoreiro banking trojan, previously targeted at Latin America, has reemerged in a global campaign, expanding its reach to over 1,500 banks across 60+ countries. The large-scale phishing attacks deliver sophisticated malware that uses evasion tactics to avoid detection and compromises victims’ systems, including abusing Microsoft Outlook to send spam messages.
Key Takeaways:
– The Grandoreiro banking trojan has reemerged in a global campaign since March 2024 after a law enforcement takedown in January, targeting over 1,500 banks across 60 countries.
– The phishing attacks are facilitated by other cybercriminals via a malware-as-a-service model.
– The trojan’s footprint has expanded beyond Latin America, Spain, and Portugal, with significant improvements in the malware’s capabilities, including the ability to use Microsoft Outlook clients to spread further phishing emails.
– The attacks begin with phishing emails that lead recipients to download a ZIP archive with the Grandoreiro loader executable, artificially inflated to bypass anti-malware scanning software.
– The trojan supports commands that allow the threat actors to remotely control the system, carry out file operations, and even abuse the victim’s Outlook email account to send spam messages to other targets.