Rescana
Grandoreiro Banking Trojan Expands Global Reach with New Campaigns
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The Grandoreiro banking trojan, active since 2016, has intensified its phishing campaigns targeting over 1,700 banks and financial institutions across 60 countries, including recent operations in South Africa and Europe. Initially focused on Latin America, it now employs advanced techniques like domain generation algorithms (DGA) and phishing emails impersonating government entities. The malware is distributed via malicious links and ZIP files, often disguised as legitimate documents. Despite law enforcement actions against its operators, the trojan continues to evolve, indicating a resilient cybercrime syndicate. The latest campaigns have resulted in significant financial losses, with estimates of 3.5 million euros in Spain alone. Security experts warn of the trojan's adaptability and the growing risk it poses to global financial systems.
Key Points: • Grandoreiro targets over 1,700 banks in 60 countries, expanding its global footprint. • Recent campaigns include phishing emails impersonating government agencies in Mexico and South Africa. • The malware employs advanced evasion techniques, making detection challenging for security solutions.