Grandoreiro Banking Trojan Expands Global Reach with New Campaigns

Grandoreiro Banking Trojan Expands Global Reach with New Campaigns

First seen 28 May 2026, 12:13 UTC CybersecuritynewsRescanasecurelist.comwww.ibm.com 74% similarity 69.5

Article Content

Browse articles
ThreatCluster

The Grandoreiro banking trojan, active since 2016, has intensified its phishing campaigns targeting over 1,700 banks and financial institutions across 60 countries, including recent operations in South Africa and Europe. Initially focused on Latin America, it now employs advanced techniques like domain generation algorithms (DGA) and phishing emails impersonating government entities. The malware is distributed via malicious links and ZIP files, often disguised as legitimate documents. Despite law enforcement actions against its operators, the trojan continues to evolve, indicating a resilient cybercrime syndicate. The latest campaigns have resulted in significant financial losses, with estimates of 3.5 million euros in Spain alone. Security experts warn of the trojan's adaptability and the growing risk it poses to global financial systems.

Key Points: • Grandoreiro targets over 1,700 banks in 60 countries, expanding its global footprint. • Recent campaigns include phishing emails impersonating government agencies in Mexico and South Africa. • The malware employs advanced evasion techniques, making detection challenging for security solutions.

ThreatCluster AI

Timeline

2024-01-01
Law enforcement actions disrupt Grandoreiro operations
Multiple arrests of Grandoreiro operators in Brazil and Spain occur, but remaining members continue their activities.
Kaspersky
2024-03-01
IBM X-Force begins tracking Grandoreiro campaigns
IBM X-Force identifies large-scale phishing campaigns distributing the Grandoreiro trojan, marking a significant uptick in activity.
IBM
2026-05-28
New phishing campaigns reported
IBM X-Force reports Grandoreiro phishing campaigns targeting users in South Africa and Europe, indicating a shift in strategy.
IBM
2026-05-28
Kaspersky reports financial losses in Spain
Grandoreiro is linked to fraudulent activities in Spain, with estimated profits of 3.5 million euros from its operations.
Kaspersky
Recent
Global threat assessment issued
Cybersecurity experts warn of the escalating threat posed by Grandoreiro, highlighting its resilience and adaptability.
Rescana

Community

Browse all →