Key Points
- The Grandoreiro banking trojan targets financial institutions and users across Latin America and is expanding globally.
- Sophisticated phishing campaigns impersonate government tax agencies and law enforcement.
- Geofenced infrastructure ensures targeted delivery to specific regions.
- Multi-stage attacks leverage JavaScript functions and ZIP file downloads.
- Comprehensive data exfiltration capabilities include banking credentials and cryptocurrency wallet information.
Campaign Overview
Samantha Clarke and the Mimecast Threat Research team have identified active Grandoreiro banking trojan campaigns representing a significant threat to financial institutions and individual users. Grandoreiro is a well-known Brazilian banking trojan that has been active since 2016 and enables threat actors to perform fraudulent banking transactions. This sophisticated malware has evolved into a global threat, with recent campaigns expanding beyond its traditional Latin American focus to target users in Europe and Africa.
The threat actors behind Grandoreiro are tracked internally as MCTO1023. They run sophisticated phishing campaigns that impersonate legitimate government entities, particularly tax agencies and law enforcement bodies, to trick users into downloading malicious files. This social engineering approach exploits the trust users place in official government communications, giving the actors high success rates in credential harvesting and malware deployment.
Campaign Themes and Targeting
Recent Grandoreiro campaigns have demonstrated sophisticated understanding of regional government structures and user behavior patterns. The threat actors deploy region-specific social engineering tactics that align with local administrative processes and official communication channels, similar to techniques observed in other Latin American banking trojans.
Dimakatso Makinta