Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

New Grandoreiro Variant Targets Spain

October 24, 2023
Reading Time: 4 mins read
in Alerts

A new variant of the Grandoreiro malware, traditionally focused on Brazil and Mexico, has expanded its reach to target victims in Spain and Mexico. Researchers from Proofpoint have identified an upsurge in malicious activity targeting Spanish-speaking users in Spain, deviating from its previous focus on Portuguese and Spanish speakers in the Americas.

The evolving Brazilian cyber threat landscape, coupled with the increased number of people online in the country, has made Brazil one of the most highly-targeted countries for information theft and malware, with a specific emphasis on online banking users.

The threat posed by Brazilian banking malware is multifaceted, with most strains appearing to have a common Delphi-written ancestor, whose source code has been adapted and reused over several years. This lineage has spawned various Brazilian malware varieties, including Grandoreiro, known for its active development and ability to steal data through keyloggers and screen-capturers.

Recent campaigns have demonstrated the malware’s ability to target Spanish banks, suggesting that its capabilities have expanded beyond the Americas. The attack involves a multi-stage process, starting with malicious email lures containing various baits, such as shared documents or tax forms, and culminates in the delivery of a Grandoreiro payload with the ability to steal bank login information.

The threat actor, TA2725, previously known for using Brazilian banking malware and phishing to target organizations in Brazil and Mexico, has taken on an expanded role, targeting consumer credentials and payment information for Netflix and Amazon accounts.

The Brazilian banking malware’s relentless development and the adaptability of threat actors across Latin and South America are likely to result in an increase in targets beyond their traditional regions. The global supply chain’s reliance on suppliers worldwide also increases the risk to organizations that may fall outside their usual service region.

Reference:
  • From Copacabana to Barcelona: The Cross-Continental Threat of Brazilian Banking Malware
Tags: BrazilCyber AlertCyber Alerts 2023CybersecurityGrandoreiroGrandoreiro malwareMalwareMexicoOctober 2023SpainVulnerabilities
ADVERTISEMENT

Related Posts

Malicious Firefox Add Ons Steal Crypto Keys

Malicious Firefox Add Ons Steal Crypto Keys

July 4, 2025
Google Removes 352 ‘IconAds’ Fraud Apps

Google Removes 352 ‘IconAds’ Fraud Apps

July 4, 2025
Browser Cache Attack Bypasses Web Security

Browser Cache Attack Bypasses Web Security

July 4, 2025
Critical Sudo Flaws Expose Linux Systems

Unkillable Mac Malware From North Korea

July 3, 2025
Critical Sudo Flaws Expose Linux Systems

PDFs Deliver QR Codes in Callback Scams

July 3, 2025
Critical Sudo Flaws Expose Linux Systems

Critical Sudo Flaws Expose Linux Systems

July 3, 2025

Latest Alerts

Google Removes 352 ‘IconAds’ Fraud Apps

Malicious Firefox Add Ons Steal Crypto Keys

Browser Cache Attack Bypasses Web Security

PDFs Deliver QR Codes in Callback Scams

Critical Sudo Flaws Expose Linux Systems

Unkillable Mac Malware From North Korea

Subscribe to our newsletter

    Latest Incidents

    Tech Incubator IdeaLab Discloses Data Breach

    Brazil’s CIEE One Exposes 248,000 Records

    McLaughlin & Stern Discloses Data Breach

    Cyberattack Hits Medtech Firm Surmodics

    Rhysida Ransomware Hits German Charity WHH

    Hacker Accesses Max Financial’s User Data

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial