Hackers Target 1,500 Banks and Customers in 60 Countries, Aiming to Drain Accounts


Black hat hackers have reportedly unleashed malicious software targeting over 1,500 banks and their customers worldwide. According to security researchers at IBM, a revamped version of the Grandoreiro banking trojan has just been released, enabling attackers to conduct banking fraud in 60 countries.

The malware enables attackers to send email notices that appear to be urgent government requests for payments. Users are prompted to click a link to view an invoice or a fee, which then downloads and executes a malicious file in the background. Once installed, the malware searches for and interacts with banking apps to facilitate fraudulent transactions. Additionally, it logs keystrokes and captures screens to obtain banking credentials, usernames, and other sensitive data needed to access and drain accounts.

"[The malware is] enabling attackers to perform banking fraud in over 60 countries, including regions of Central and South America, Africa, Europe, and the Indo-Pacific," said the researchers. Although campaigns have traditionally been limited to Latin America, Spain, and Portugal, IBM’s X-Force observed recent campaigns impersonating Mexico’s Tax Administration Service (SAT), Mexico’s Federal Electricity Commission (CFE), Mexico’s Secretary of Administration and Finance, the Revenue Service of Argentina, and notably the South African Revenue Service (SARS).

The updates made to the malware, along with the significant increase in targeted banking applications across several nations, indicate that the Grandoreiro distributors are aiming to conduct global campaigns. Earlier this year, the Federal Police of Brazil, in collaboration with Interpol, the National Police in Spain, and Caixa Bank, announced five arrests and thirteen search and seizure actions related to the Grandoreiro phishing scam. The criminal network is suspected of moving at least 3.6 million euros in fraudulent transactions since 2019.