Technology

Kaspersky uncovers new Grandoreiro light variant

Despite the arrest of important operators in early 2024, Grandoreiro continues to be used by its partners in new campaigns. Kaspersky Global Research and Analysis team (GReAT) has discovered a new light version focused on Mexico targeting around 30 banks. These findings are to be highlighted at the Security Analyst Summit (SAS) 2024. Remaining one of the most active threats globally and targeting users of more than 1,700 banks, Grandoreiro variants account for around five percent of banking trojan attacks this year. Mexico is one of the most targeted countries by various Grandoreiro strains, including the new light version, seeing 51,000 recorded incidents this year.

After assisting an INTERPOL-coordinated action, which has led to Brazilian authorities arresting operators behind a Grandoreiro banking trojan operation, Kaspersky discovered that the group’s codebase has been split into lighter, fragmented versions of the trojan, to continue its attacks. Recent analysis has identified a specific light version focused primarily on Mexico, which has been used to target approximately 30 financial institutions. The creators likely have access to the source code and are launching new campaigns using the simplified legacy malware.

“All the recent developments underscore the evolving nature of the threat. Fragmented and lighter versions may represent a trend that could extend beyond Mexico and into other regions, including beyond Latin America. However, we believe that only some trusted affiliates have access to the malware source code to develop such lighter versions. Grandoreiro operates differently from the traditional ‘Malware-as-a-Service’ model we are accustomed to. You won’t find announcements on underground forums selling the Grandoreiro package; instead, access to it appears to be limited,” explains Fabio Assolini, head of the Latin American (GReAT) at Kaspersky.

Multiple variants of Grandoreiro, including the new light version and the primary malware, accounted for approximately five percent of global banking trojan attacks detected by Kaspersky in 2024, making it one of the most active threats worldwide. Kaspersky has also analyzed the newer samples of the primary Grandoreiro from 2024, and observed new tactics. It records mouse activity to mimic real user patterns, aiming to evade detection by machine learning-based security systems that analyze behavior. By replaying natural mouse movements, the malware aims to trick anti-fraud tools into seeing the activity as legitimate.
Additionally, Grandoreiro has adopted a cryptographic technique known as Ciphertext Stealing (CTS), which Kaspersky has never seen being used in malware. In this case, its aim is to encrypt the malicious code strings. “Grandoreiro has a large and complex structure, which would make it easier for security tools or analysts to detect if its strings were not encrypted. This is likely why they introduced this new technique – to complicate the detection and analysis of their attacks,” Fabio Assolini elaborated.
Kaspersky data indicates Grandoreiro has been active since 2016. In 2024, the threat targets more than 1,700 financial institutions and 276 cryptocurrency wallets across 45 countries and territories, lastly adding Asia and Africa to the list of its targets, making it a truly global financial threat.

 

 

Tech and Teen

Recent Posts

HONOR, Grameenphone join hands to bring exclusive benefits to customers

HONOR has recently signed a Memorandum of Understanding (MoU) with Grameenphone at GP House in…

5 hours ago

How to Stay Healthy During the Holidays

IT is the season for whipping up famed family holiday recipes and serving special, homemade…

5 hours ago

Malaysia Extends Visa Exemption for Indian Nationals Until 2026

The government has announced an extension of the visa exemption for Indian nationals until December…

5 hours ago

5th National Bee and Honey Conference held in Dhaka

The fifth National Bee and Honey Conference was held in Dhaka with the objectives of…

5 hours ago

vivo X Series Makes a Grand Comeback with the Flagship X200

Global smartphone manufacturer vivo is set to reintroduce its flagship X Series to the Bangladeshi…

6 hours ago

Walton extends warranty of computer monitor up to 3 years

Walton Digi-Tech Industries Limited, the leading tech giant in Bangladesh, has increased the warranty of…

6 hours ago