Brazilian authorities have reported the apprehension of five individuals responsible for perpetrating a banking trojan operation involving the Grandoreiro malware. This malware, which has posed a significant cybersecurity threat across Spanish-speaking countries since 2017, is primarily distributed through phishing emails that impersonate reputable organizations such as courts or telecom and energy companies. Once inadvertently installed, the malware exhibits a wide range of intrusive behaviors, including monitoring keyboard inputs, simulating mouse activity, sharing screens, displaying deceptive pop-ups, and harvesting critical data such as usernames, operating system information, and bank identifiers.
With such access, the criminals gain control over victims’ bank accounts and exploit them for illicit gains. They then channel the stolen funds through a network of money mules to launder the proceeds, primarily directing them to Brazil. The criminal organization behind the malware is suspected of defrauding victims of over EUR 3.5 million, and its failed attempts could have yielded more than EUR 110 million for the syndicate, according to information provided by CaixaBank.