Video

The banking trojan, which targeted mostly Brazil, Mexico and Spain, blocked the victim’s screen, logged keystrokes, simulated mouse and keyboard activity and displayed fake pop-up windows

02 Feb 2024

This week, law enforcement in Brazil took action to disrupt the Grandoreiro banking malware in a joint effort that was also supported by the ESET research team, who contributed technical analysis, statistics, and known C&C server domain names and IP addresses.

The operation – which was further supported by Interpol, the Spanish Police and Caixa Bank – was aimed at individuals who are thought to be high up in Grandoreiro’s pecking order. Grandoreiro targeted victims in Brazil, Mexico, Spain and most recently also Argentina, causing millions in losses to fraud since at least 2017.

For technical information about Grandoreiro, head over to our blogpost.

Connect with us on Facebook, Twitter, LinkedIn and Instagram.