Police disrupt Grandoreiro banking malware operation, make arrests
2024-01-30 15:46

The Federal Police of Brazil and cybersecurity researchers have disrupted the Grandoreiro banking malware operation, which has been targeting Spanish-speaking countries with financial fraud since 2017.

The operation was supported by ESET, Interpol, the National Police in Spain, and Caixa Bank, all of which provided critical data that led to the identification and arrest of individuals controlling the malware's infrastructure.

"This Tuesday, January 30, the Federal Police launched Operation Grandoreiro to investigate the activities of a criminal group responsible for electronic banking fraud, using banking malware with victims outside Brazil," the Brazilian police said in a machine-translated press release.

Grandoreiro is a Windows banking trojan first documented by ESET in 2020, which has been one of the primary threats to Spanish speakers since the beginning of its operation in 2017.

The malware actively monitors the foreground window, looking for web browser processes related to banking activities, and if there's a match, it initiates communication with its command and control servers.

Grandoreiro developers released frequent updates to add new features and enhance the malware's capabilities, which indicates its operators' continued use of the project.


News URL

https://www.bleepingcomputer.com/news/security/police-disrupt-grandoreiro-banking-malware-operation-make-arrests/