NEW YORK – Black hat hackers have reportedly unleashed malicious software targeting over 1,500 banks and their customers worldwide.
Security researchers at IBM say a revamped version of the Grandoreiro banking trojan has just rolled out, enabling attackers to perform banking fraud in 60 countries.
The malware allows attackers to send email notices that appear to be urgent government requests for payments.
Users are told they can click a link to view an invoice or a fee, and when they do, a malicious file is downloaded and executed in the background.
Once installed, the malware searches for and interacts with banking apps to facilitate fraudulent transactions.
Infected users also have their keystrokes logged and their screens captured in a push to collect banking credentials, usernames, and other sensitive data needed to crack and drain accounts.
“[The malware is] enabling attackers to perform banking fraud in over 60 countries including regions of Central and South America, Africa, Europe, and the Indo-Pacific.
Although campaigns have traditionally been limited to Latin America, Spain and Portugal, X-Force observed recent campaigns impersonating Mexico’s Tax Administration Service (SAT), Mexico’s Federal Electricity Commission (CFE), Mexico’s Secretary of Administration and Finance, the Revenue Service of Argentina, and notably the South African Revenue Service (SARS)…
The updates made to the malware, in addition to the significant increase in banking applications across several nations, indicate that the Grandoreiro distributors are seeking to conduct campaigns and deliver malware on a global scale.”
Early this year, the Federal Police of Brazil, in collaboration with Interpol, the National Police in Spain, and Caixa Bank, announced five arrests and thirteen search and seizure actions in relation to the Grandoreiro phishing scam.
The criminal network is suspected of moving at least 3.6 million euros in fraudulent transactions since 2019.