Grandoreiro

Malware updated 23 days ago (2024-11-29T13:43:03.722Z)
Grandoreiro is a banking Trojan that targets banks worldwide. Originally from a Brazilian banking-malware group, it has expanded its reach to other countries and become a significant threat in the cyber landscape. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge; once inside, it steals personal information and disrupts operations. Grandoreiro belongs to a larger group of related banking Trojans, including Mekotio, BBTok, Guildma, Javali, and Melcoz, collectively known as the Tetrade group. Despite efforts to curb its activities, including the arrest of several gang members, Grandoreiro continues to pose a significant threat. It has evolved to target more than 1,700 banks in 45 countries across every continent; the most affected countries are Mexico, Brazil, Spain, and Argentina. Being on that list does not mean a given bank will necessarily be attacked: the operators act only where a local partner or money mule can operationalize and complete the fraud. Researchers, including those at Kaspersky, have studied Grandoreiro to understand its tactics and devise countermeasures, and have found that the threat actors continuously evolve their tactics and malware to carry out attacks against their targets and evade security solutions. Kaspersky continues to cooperate with INTERPOL and other agencies around the world to fight the Grandoreiro threat to internet banking users. The Trojan is primed to steal account credentials for 1,700 financial institutions, indicating its widespread and severe potential impact.
Description last updated: 2024-11-15T16:01:14.833Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so the following are possible overlapping names / profiles that may also be worth looking at.

Alias (votes): Description

Javali (4): Javali is a possible alias for Grandoreiro. Javali is a multistage malware that has been active since November 2017, primarily targeting customers of financial institutions in Portuguese- and Spanish-speaking countries, with a particular focus on Brazil and Mexico. Part of a group of banking trojans including Guildma, Melcoz, and Grandoreiro,

Mekotio (2): Mekotio is a possible alias for Grandoreiro. Mekotio is a type of malware, specifically a banking trojan, that was first detected in March 2018. Initially focusing on Brazilian users and banks, Mekotio has since evolved to target other Spanish-speaking countries such as Chile, Mexico, Colombia, and Argentina, as well as parts of Southern Europ

Tetrade (2): Tetrade is a possible alias for Grandoreiro. Tetrade is a collective term for four prominent banking trojan families, namely Guildma, Javali, Melcoz, and Grandoreiro, that were created, developed, and spread by Brazilian cybercriminals. These malware variants have evolved to operate on a global scale, posing significant threats to financial in
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Trojan
Malware
Banking
Loader
Phishing
Credentials
Brazil
Cybercrime
Windows
Payload
Spam
Masquerading
Outlook
Tool
Email Addres...
Domain Gener...
Backdoor
Sandbox
Encryption
Downloader
Binary Padding
Associated Malware
Malware (association type; votes): Description

Coyote (Unspecified; 2): The Coyote Malware is associated with Grandoreiro. Coyote is a sophisticated, multi-stage banking Trojan that has expanded its operations to target more than 1700 banks in 45 countries across all continents. Other notable malware families include Banbra, BestaFera, Bizarro, ChePro, Casbaneiro, Ponteiro, and Grandoreiro. Despite the arrest of several

Zeus (Unspecified; 2): The Zeus Malware is associated with Grandoreiro. Zeus is a notorious malware, short for malicious software, designed to exploit and damage computer systems. It is often spread through suspicious downloads, emails, or websites and can infiltrate systems without the user's knowledge. Once inside, it can steal personal information, disrupt operations
Source Document References
Information about the Grandoreiro Malware was read from the documents corpus below. This display is limited to 20 results.

Source (created):

Securelist (a day ago)
Securelist (a month ago)
Checkpoint (2 months ago)
Securelist (2 months ago)
Trend Micro (4 months ago)
Securityaffairs (4 months ago)
Securityaffairs (5 months ago)
Flashpoint (5 months ago)
Securityaffairs (7 months ago)
Securityaffairs (5 months ago)
Securityaffairs (5 months ago)
Securityaffairs (5 months ago)
Securityaffairs (5 months ago)
Trend Micro (6 months ago)
Securityaffairs (6 months ago)
Securityaffairs (6 months ago)
Securityaffairs (6 months ago)
Securityaffairs (7 months ago)
BankInfoSecurity (7 months ago)
InfoSecurity-magazine (7 months ago)