Android malware Grandoreiro returns after police disruption

May 18, 2024 at 01:14PM

The Android banking trojan “Grandoreiro” is spreading in a large-scale phishing campaign across 60+ countries, targeting accounts of about 1,500 banks. Despite law enforcement efforts in January 2024, it has reemerged with new features and is now targeting English-speaking countries, employing diverse phishing lures and expanded capabilities, indicating a resilient threat.

Key takeaways from the report:

– The Android banking trojan “Grandoreiro” has been spreading in a large-scale phishing campaign in numerous countries, targeting accounts in around 1,500 banks.
– An international law enforcement operation involving Brazil, Spain, Interpol, ESET, and Caixa Bank disrupted the malware operation in January 2024. The malware operation had been targeting Spanish-speaking countries since 2017 and caused $120 million in losses.
– Grandoreiro has resurfaced in large-scale operations since March 2024, now targeting English-speaking countries in addition to the previous targets. It is likely being rented to cybercriminals via a Malware-as-a-Service (MaaS) model.
– The trojan has undergone a technical revamp, adding new powerful features and improvements, indicating that its creators evaded arrest and were undeterred by the previous crackdown.
– Phishing lures for the trojan are diverse and tailored for specific organizations. The phishing emails impersonate government entities in Mexico, Argentina, and South Africa and are written in the recipient’s native language, incorporating official logos and formats.
– The trojan’s latest variant includes new features such as an improved string decryption algorithm, updates to the domain generation algorithm, targeting of Microsoft Outlook clients, a new persistence mechanism, expanded targeting of bank applications and cryptocurrency wallets, and an expanded command set.
– The trojan can perform detailed victim profiling and avoid execution in specific countries, indicating that it is still active and poses a significant threat despite law enforcement actions.
