Grandoreiro Banking Trojan Back in Action: Targets Over 1,500 Banks Globally
The notorious Grandoreiro banking trojan is back, and it’s casting a wide net. After a temporary shutdown by law enforcement in January, this Windows-based malware has resurfaced in a global campaign targeting over 1,500 banks across 60 countries, according to security researchers at IBM X-Force.
Phishing Emails Spearhead the Attack
The malicious campaign leverages large-scale phishing attacks. Unsuspecting users receive emails that appear to be from legitimate sources, often impersonating government entities. These emails typically contain a link that, when clicked, infects the user’s computer with the Grandoreiro trojan.
Malware Upgraded for Maximum Impact
The latest version of Grandoreiro boasts significant upgrades, making it a more formidable threat. Researchers identified improvements in the malware’s string decryption and domain generation algorithm (DGA). These changes help it evade detection and establish communication channels with command-and-control servers. Additionally, the trojan can now exploit Microsoft Outlook on infected machines to spread phishing emails further, potentially amplifying the reach of the campaign.
Geographic Reach and Targets
The Grandoreiro trojan casts a global net, targeting the banking applications and websites of over 1,500 institutions across more than 60 countries. This includes regions in Central and South America, Africa, Europe, and the Indo-Pacific.
How to Protect Yourself
With this renewed threat, it’s crucial to be vigilant and take steps to protect yourself:
- Be cautious with emails: Don’t click on links or attachments from unknown senders, even if they appear legitimate.
- Verify senders: If you’re unsure about an email’s origin, contact the sender directly through a trusted channel to confirm its authenticity.
- Keep software updated: Ensure your operating system, antivirus software, and web browser are up to date with the latest security patches.
- Beware of urgency: Phishing emails often try to create a sense of urgency to pressure you into clicking on a link. Be cautious of emails that demand immediate action.
By following these cybersecurity best practices, you can significantly reduce your risk of falling victim to the Grandoreiro banking trojan or similar threats.