January 30, 2024 at 10:50AM
Brazil’s Federal Police, along with cybersecurity collaborators, have disrupted the Grandoreiro banking malware operation targeting Spanish-speaking countries with financial fraud since 2017. Five arrests were made in Brazil, and substantial losses and the malware’s capabilities were outlined. The operation is on hold, but future resurgence is uncertain.
From the meeting notes, it is clear that there has been significant progress in disrupting the Grandoreiro banking malware operation. The disruption effort was supported by the Federal Police of Brazil, cybersecurity researchers, ESET, Interpol, the National Police in Spain, and Caixa Bank. As a result, there were five arrests and thirteen search and seizure actions in various locations in Brazil.
The multinational effort led to the identification and arrest of individuals controlling the malware’s infrastructure, with the Brazilian police suspecting the movement of at least 3.6 million euros through fraud since 2019. The malware, known as Grandoreiro, has been active since 2017 and has caused around $120,000,000 in losses, according to Caixa Bank’s records.
ESET has been instrumental in tracking Grandoreiro's servers despite the malware's complex techniques, which gave it insight into the operation's victimology and volume. Most of the victims are based in Spain, Mexico, and Brazil, with Windows 10 being the most impacted operating system.
The disruption of the Grandoreiro operation has brought the malware’s activities to a complete halt for now, but it is unclear if the arrested individuals held a leading role in the operation or if there is a risk of Grandoreiro returning in the future.
Overall, it is evident that the meeting has provided crucial updates and insights into the successful efforts to disrupt the Grandoreiro malware operation, highlighting the collaborative efforts of multiple organizations in combating cybercrime.