This wide-ranging trojan has returned from the dead — Grandoreiro malware revives following police action

Sead Fadilpašić

May 20, 2024 at 11:15 AM·2 min read

Magnifying glass enlarging the word 'malware' in computer machine code.

Grandoreiro, the banking trojan that was dismantled in January 2024, is back with a vengeance, according to a new report from IBM’s cybersecurity arm, X-Force, which claims the trojan has been updated, and is now targeting a much wider area.

In late January 2024, the Federal Police of Brazil, together with Interpol, the Spanish National Police, ESET, and Caixa Bank, dismantled the trojan operation, arrested five people, and made 13 search and seizure operations across Brazil.

At the time, it was said that Grandoreiro existed for seven years and primarily targeted Spanish-speaking nations.

Updates to the malware

Now, IBM’s X-Force said it spotted a new campaign, which started in March this year. For now, the goal is simply to deploy the trojan to as many victims as possible, and to that end, the attackers use a malware-as-a-service model. More than 1,500 banks around the world are targeted, located in 60 countries around the world (Central and South America, Africa, Europe, and the Indo-Pacific region).

It is also worth mentioning that the malware actively avoids endpoints in countries such as Russia, Czechia, Poland, and the Netherlands, and that it doesn’t run on Windows 7 devices located in the US, sporting no antivirus programs.

Besides attacking more people, Gradoreiro was also updated.

"Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails," the researchers explained.

"In order to interact with the local Outlook client, Grandoreiro uses the Outlook Security Manager tool, a software used to develop Outlook add-ins," the researchers said. "The main reason behind this is that the Outlook Object Model Guard triggers security alerts if it detects access on protected objects."

As usual, the best way to defend against these attacks is to be vigilant with all incoming email messages.

Via The Hacker News

More from TechRadar Pro

Microsoft wants to take any MFA and 2FA worries out of your hands
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

Yahoo Finance
Tech companies bet on carbon removal startups as AI tests climate goals
Carbon removal technologies are becoming increasingly important for companies, particularly for tech giants locked in a fierce battle to become the leader in artificial intelligence.
Yahoo Finance
New jobs report report kicks off new month of trading: What to know this week
The June jobs report comes as the latest stock market rally took a breather to end May.
TechCrunch
Inside Apple’s efforts to build a better recycling robot
Last week, TechCrunch paid a visit to Apple's Austin, Texas manufacturing facilities. In recent years, the capital city has transformed into a hot bed for tech innovation, largely owing to a massive talent pool generated by nearby University of Texas at Austin. Just ahead of the pandemic, Apple confirmed that it would also be producing that model’s successor in the city.
Engadget
The ASUS Zenbook S16 laptop boasts an ultra-thin design and AMD's latest AI chip
The latest ASUS Zenbook S16 laptop boasts a revamped cooling system. It’s also lighter and thinner than ever.
Yahoo Finance
Beware the retirement savings 'time bomb,' tax expert warns
Taxes are the "retirement time bomb," according to one tax expert. Here's what you can do now.
Yahoo Sports
Commanders release K Brandon McManus after sexual assault lawsuit
Brandon McManus was accused of sexually assaulting two flight attendants last season with the Jaguars in a new lawsuit.
Yahoo Sports
White Sox's Tommy Pham says he's always prepared to 'f*** somebody up' after confrontation with Brewers' William Contreras
Chicago White Sox outfielder Tommy Pham told reporters he's always prepared to fight after an on-field confrontation with Milwaukee Brewers catcher William Contreras.
Yahoo News
Hunter Biden's gun trial begins this week. Here's everything you need to know about the case.
The president's son pleaded not guilty to three charges related to a 2018 gun purchase.
Yahoo Sports
Sky-Fever fallout: Foul on Caitlin Clark upgraded to flagrant-1, Angel Reese fined $1,000 for skipping interviews
The Sky have also been fined $5,000.
Autoblog
Toyota Supra's future to yet be decided publicly
BMW's ending production of the Z4 next year. Toyota isn't saying what will happen to its Supra that's on the German convertible.
Yahoo Finance
Companies were already wary of 2024 politics. Trump's verdict could solidify that caution.
Businesses are becoming more wary of politics even as billionaire bosses go public with their views. Donald Trump's conviction could deepen that divide.
Yahoo Life Shopping
Reviewers with limited mobility love this viral cactus back scratcher — and it's just $20
'Allows me to reach every inch,' wrote one fan of its flexible design.
Yahoo Life Shopping
'Pink power': This popular sudsy car wash is back in stock — and it's just $6
Give your ride a professional clean for less than the price of lunch.
Yahoo Life Shopping
Jennifer Garner 'loves' this SPF-infused moisturizer for 'dewy and great' skin — and it's $17
Grab the hydration face cream nearly 5,000 Amazon rave about for youthful skin at nearly 40% off.
Yahoo Life Shopping
This car handbag holder keeps my purse from spilling — and it's on sale for $15
Stretched between the front seats, this multitasking organizer blocks kid feet and curious dogs too.
Yahoo Sports
USWNT blanks South Korea 4-0 as Emma Hayes era begins
Mallory Swanson and Tierna Davidson each netted a brace in the win.
Yahoo Sports
Triple-A game called in 7th inning after catcher leaves in ambulance from backswing to head
Payton Henry, a Blue Jays minor leaguer, is reportedly doing well.
TechCrunch
WTF is AI?
The best way to think of artificial intelligence is as software that approximates human thinking. AI is also called machine learning, and the terms are largely equivalent — if a little misleading. The concepts behind today's AI models aren't actually new; they go back decades.
Engadget
Netflix’s animated Tomb Raider series now has a release date
Tomb Raider: The Legend of Lara Croft is coming to Netflix on October 10. Netflix announced the release date today along with a new trailer. The animated series picks up after the events of the Survivor Trilogy
Engadget
You can now watch Godzilla Minus One at home on Netflix
Netflix announced the surprise release today, coinciding with the film’s arrival for digital purchase and rental on VOD platforms including Prime Video and Apple TV. The black-and-white version will come to Netflix later this summer.

News

Life

Entertainment

Finance

Sports

New on Yahoo

This wide-ranging trojan has returned from the dead — Grandoreiro malware revives following police action

Updates to the malware

More from TechRadar Pro

Recommended Stories

Tech companies bet on carbon removal startups as AI tests climate goals

New jobs report report kicks off new month of trading: What to know this week

Inside Apple’s efforts to build a better recycling robot

The ASUS Zenbook S16 laptop boasts an ultra-thin design and AMD's latest AI chip

Beware the retirement savings 'time bomb,' tax expert warns

Commanders release K Brandon McManus after sexual assault lawsuit

White Sox's Tommy Pham says he's always prepared to 'f*** somebody up' after confrontation with Brewers' William Contreras

Hunter Biden's gun trial begins this week. Here's everything you need to know about the case.

Sky-Fever fallout: Foul on Caitlin Clark upgraded to flagrant-1, Angel Reese fined $1,000 for skipping interviews

Toyota Supra's future to yet be decided publicly

Companies were already wary of 2024 politics. Trump's verdict could solidify that caution.

Reviewers with limited mobility love this viral cactus back scratcher — and it's just $20

'Pink power': This popular sudsy car wash is back in stock — and it's just $6

Jennifer Garner 'loves' this SPF-infused moisturizer for 'dewy and great' skin — and it's $17

This car handbag holder keeps my purse from spilling — and it's on sale for $15

USWNT blanks South Korea 4-0 as Emma Hayes era begins

Triple-A game called in 7th inning after catcher leaves in ambulance from backswing to head

WTF is AI?

Netflix’s animated Tomb Raider series now has a release date

You can now watch Godzilla Minus One at home on Netflix