Category | Details |
---|---|
Threat Actors | Brazilian cybercriminal group operating Grandoreiro, part of the Tetrade umbrella. |
Campaign Overview | Banking trojan targeting financial institutions, using phishing, malvertising, and sophisticated techniques for fraudulent banking operations. Evolving since 2016. |
Target Regions (Victims) | Initially focused on Latin America and Europe; expanded to 45 countries and territories in 2024. |
Methodology | Phishing emails, malvertising (Google Ads), malicious ZIP archives, DLL sideloading, fake software certificates. |
Product Targeted | Financial institutions, banking websites, and cryptocurrency wallets. |
Malware Reference | Grandoreiro banking trojan, part of the Tetrade malware family. |
Tools Used | Windows Installer (MSI), Portable Executable (EXE), DLL sideloading, XOR-based encryption, digital certificates. |
Vulnerabilities Exploited | Detection evasion through file size inflation (binary padding), low detection rates, and digital certificates used to impersonate legitimate software. |
TTPs | Phishing, social engineering, malvertising, malware-as-a-service, DLL sideloading, XOR-based encryption, binary padding to evade sandboxes. |
Attribution | Brazilian threat actor group, part of the Tetrade umbrella. |
Recommendations | Improve email filtering, monitor for abnormal file sizes and encryption schemes, use endpoint detection and response (EDR) to detect DLL sideloading. |
Source | Securelist by Kaspersky |
Read the full article: https://securelist.com/grandoreiro-banking-trojan/114257/
The above summary has been generated by an AI language model