Banking trojan unleashed: Observing emerging global campaigns
Essential information
- Published: 20/05/2024 09:40
- Modified: 20/05/2024 10:05
- Tags: 2024-05-20 banking grandoreiro malware-as-a-service phishing trojan
- Related entities: 18 observables, 1 intrusion sets (apt), 18 techniques (mitre), 1 malware, 11 others
Description
IBM's X-Force has been tracking large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as Malware-as-a-Service. The malware targets over 1500 global banks, enabling banking fraud in over 60 countries. The latest variant features major updates, including enhancements to its string decryption and domain generation algorithm, and the ability to spread through Microsoft Outlook clients. Campaigns impersonate government entities in Mexico, Argentina, and South Africa, indicating a change in strategy and global expansion since recent law enforcement actions against the operators.