Grandoreiro malware continues to pose a significant threat to financial institutions worldwide, despite efforts to stop it. The research and analysis team at Kaspersky has announced a new release of the malware, targeting around 30 financial institutions in Mexico.
This new release comes after the arrest of some of the key operators of the malware earlier this year. However, Grandoreiro continues to represent approximately 5% of global banking attacks using Trojan horses, making it one of the most dangerous threats facing the banking sector.
Mexico is one of the most affected countries by Grandoreiro malware, with 51,000 recorded incidents this year. These numbers underscore the importance of continuous vigilance in countering these sophisticated cyber threats.
Grandoreiro malware started its activity in 2016 and has since expanded, targeting over 1,700 financial institutions and 276 digital currency wallets in 45 countries in 2024 alone.
A recent analysis by Kaspersky revealed a new release focusing heavily on Mexico, used to target approximately 30 financial institutions. It is believed that the software developers have obtained the source code, enabling them to launch new campaigns using lighter versions of the old malware.
Fabio Assolini, head of research in Latin America for Kaspersky, noted that these lightweight versions may spread beyond Mexico, possibly to other regions beyond Latin America. However, this malware is not believed to be available for sale on underground forums, but reserved for a specific group.
Grandoreiro malware continues to evolve its methods to evade security systems, simulating natural user actions to avoid detection. It has also used a new technique to encrypt malicious data, a method not previously seen in any other malware.
To protect against these malicious financial software, Kaspersky experts advise institutions to activate default security policies and train employees to detect phishing attempts, using anti-phishing and cybersecurity protection solutions.
In conclusion, Grandoreiro malware was highlighted at the sixteenth edition of the Security Analysts Summit currently being held in Bali, continuing until October 25.
