Grandoreiro banking trojan: overview of recent versions and new tricks
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Generation Algorithms, ciphertext stealing encryption, and mouse behavior tracking. The trojan uses phishing emails and malvertising for initial infection, then employs various anti-detection methods and a modular structure for stealing credentials and performing fraudulent transactions. Recent campaigns show a split in the codebase, with both updated and legacy versions targeting different regions, particularly Mexico. The malware's operators use sophisticated tools for remote access and employ cloud VPS to hide their activities.
OPENCTI LABELS:
brazil, banking trojan, grandoreiro, credential theft, remote access, evasion techniques, financial malware, global threat