216.73.217.139

Grandoreiro banking trojan: overview of recent versions and new tricks

· Published 22/10/2024 23:35 · Modified 23/10/2024 08:49

Export JSON

Essential information

Published
22/10/2024 23:35
Modified
23/10/2024 08:49
Tags
2024-10-22 banking trojan brazil credential-theft evasion techniques financial malware global threat grandoreiro remote access
Related entities
1 intrusion sets (apt), 19 techniques (mitre), 1 malware, 5 others

Description

is a Brazilian that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced like multiple Domain Generation Algorithms, ciphertext stealing encryption, and mouse behavior tracking. The trojan uses phishing emails and malvertising for initial infection, then employs various anti-detection methods and a modular structure for stealing credentials and performing fraudulent transactions. Recent campaigns show a split in the codebase, with both updated and legacy versions targeting different regions, particularly Mexico. The malware's operators use sophisticated tools for and employ cloud VPS to hide their activities.

External references