This wide-ranging trojan has returned from the dead — Grandoreiro malware revives following police action

Grandoreiro, the banking trojan that was dismantled in January 2024, is back with a vengeance, according to a new report from IBM’s cybersecurity arm, X-Force. The report claims the trojan has been updated and is now targeting a much wider area.

In late January 2024, the Federal Police of Brazil, together with Interpol, the Spanish National Police, ESET, and Caixa Bank, dismantled the trojan operation, arrested five people, and carried out 13 search and seizure operations across Brazil.

At the time, it was said that Grandoreiro had existed for seven years and primarily targeted Spanish-speaking nations.

Updates to the malware

Now, IBM’s X-Force says it has spotted a new campaign, which started in March this year. For now, the goal is simply to deploy the trojan to as many victims as possible, and to that end, the attackers use a malware-as-a-service model. More than 1,500 banks are targeted, located in 60 countries (across Central and South America, Africa, Europe, and the Indo-Pacific region).

It is also worth mentioning that the malware actively avoids endpoints in countries such as Russia, Czechia, Poland, and the Netherlands, and that it doesn’t run on Windows 7 devices located in the US that have no antivirus program installed.

Besides attacking more people, Grandoreiro was also updated.

"Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails," the researchers explained. 

"In order to interact with the local Outlook client, Grandoreiro uses the Outlook Security Manager tool, a software used to develop Outlook add-ins," the researchers said. "The main reason behind this is that the Outlook Object Model Guard triggers security alerts if it detects access on protected objects."

As usual, the best way to defend against these attacks is to be vigilant with all incoming email messages.

Via The Hacker News


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
