INTERPOL shuts down the Grandoreiro malware operation

Kaspersky cooperated in the operation coordinated by INTERPOL which is why the Brazilian authorities arrested the five administrators who were behind the operation of the Grandoreiro banking trojan. According to estimates, cybercriminals are believed to have stolen more than 3.5 million euros from their victims.

Grandoreiro is a banking Trojan by origin A Brazilian who, according to Kaspersky, is, has been active since at least 2016. Attacks carried out via this malware usually start with a spear-phishing email written in Spanish, Portuguese or English. Once installed on a victim’s device, the Trojan tracks keystrokes, simulates mouse activity, shares screens and collects data such as usernames, operating system information, device uptime and, most importantly, bank identifiers.

When attackers take full control of victims’ bank accounts, they empty them, sending the funds through a network of money ‘mules’ to launder the ill-gotten funds.
The Trojan has many versions, which could mean that different operators are involved in developing the malware. According to Kaspersky experts, Grandoreiro operates as a Malware-as-a-Service (MaaS) project and aims to attack more than 900 financial institutions in more than 40 countries in Europe, North America and Latin America.

As part of this collaboration, Kaspersky together with dr private partners of INTERPOL, contributed to the analysis of Grandoreiro malware samples collected from cybercrime investigations in Brazil and Spain between 2020 and 2022. During this period, Kaspersky products detected 150,000 attacks using the banking Trojan Grandoreiro in 40,000 users worldwide. Spain, Brazil, Mexico, Portugal, Argentina and the United States turned out to be the most affected countries. Likewise, in August 2023, analytical reports were prepared in which the matching of the samples was determined, which enabled the analysts to get closer to the organized criminal group.

“We are witnesses Grandoreiro campaigns since at least 2016. During this time, attackers regularly improved their techniques, trying to fit in and stay active during the period longer times. In such circumstances it is extremely important that financial institutions to stay vigilant while improving theirs anti-fraud technologies and their fraud data. Larger Synergy between private and public partners is also essential to combat them cybercrime and provide a safer environment for users and

organizations from all over the world”, they comment Fabio Assolini, director of the Global Research and Analysis Team (GReAT) for Latin America at Kaspersky.
For his part, Craig Jones, director of The INTERPOL Cyber ​​crime, emphasized the importance of a collective approach: “This operational success highlights the importance of exchanging police information through INTERPOL, and why we are committed to acting as a bridge between the public and private sectors. It also lays the foundations for greater cooperation in the region.
Considering Trojan families, like the Grandoreiros, have actively spread abroad, Kaspersky experts expect an increase in the use of Trojans for mobile banking. According to the firm’s 2024 malware and financial threat predictions, Brazilian banking Trojans will be one of the trends that will dominate the financial threat landscape this year.