Grandoreiro, the global trojan with grandiose goals

Category	Details
Threat Actors	Brazilian cybercriminal group operating Grandoreiro, part of the Tetrade umbrella.
Campaign Overview	Banking trojan targeting financial institutions, using phishing, malvertising, and sophisticated techniques for fraudulent banking operations. Evolving since 2016.
Target Regions (Victims)	Initially focused on Latin America and Europe; expanded to 45 countries and territories in 2024.
Methodology	Phishing emails, malvertising (Google Ads), malicious ZIP archives, DLL sideloading, fake software certificates.
Product Targeted	Financial institutions, banking websites, and cryptocurrency wallets.
Malware Reference	Grandoreiro banking trojan, also known as a part of the Tetrade family.
Tools Used	Windows Installer (MSI), Portable Executable (EXE), DLL sideloading, XOR-based encryption, digital certificates.
Vulnerabilities Exploited	Evading detection through file size inflation (binary padding), low detection rates, using digital certificates to impersonate legitimate software.
TTPs	Phishing, social engineering, malvertising, malware-as-a-service, DLL sideloading, XOR-based encryption, binary padding to evade sandboxes.
Attribution	Brazilian threat actor group, part of the Tetrade umbrella.
Recommendations	Improve email filtering, monitor for abnormal file sizes and encryption schemes, use endpoint detection and response (EDR) to detect DLL sideloading.
Source	Securelist by Kaspersky

Read full article : https://securelist.com/grandoreiro-banking-trojan/114257/

The above summary has been generated by an AI language model