
Grandoreiro banking trojan reemerges with global attack campaign


Nearly 1,500 banks across more than 60 countries had their customer accounts targeted in a widespread Grandoreiro banking trojan campaign, which commenced just two months after the trojan was dismantled in an international law enforcement operation in January, according to BleepingComputer.


Attacks in the campaign involved phishing emails spoofing government organizations based in Argentina, Mexico, and South Africa, which lured recipients into clicking download links that would trigger the Grandoreiro loader, a report from IBM's X-Force team revealed.

The loader then delivers a significantly improved variant of the banking trojan, which includes more robust decryption and domain generation algorithms, updated Microsoft Outlook client targeting and persistence mechanisms, an expanded command set, and expanded targeting of banking apps and cryptocurrency wallets.

Victim profiling has also been added to the updated Grandoreiro trojan, which researchers noted does not target Russia, Poland, Czechia, and the Netherlands, or U.S.-based Windows 7 machines.
