Banking trojan unleashed: Observing emerging global campaigns
May 20, 2024, 10:05 a.m.
Description
IBM's X-Force has been tracking large-scale phishing campaigns distributing the Grandoreiro banking trojan, likely operated as a Malware-as-a-Service. The malware targets over 1500 global banks, enabling banking fraud in over 60 countries. The latest variant features major updates, including string decryption and domain generation algorithm enhancements, and the ability to spread through Microsoft Outlook clients. Campaigns impersonate government entities in Mexico, Argentina, and South Africa, indicating a change in strategy and global expansion since recent law enforcement actions against the operators.
Tags
Date
- Created: May 20, 2024, 9:40 a.m.
- Published: May 20, 2024, 9:40 a.m.
- Modified: May 20, 2024, 10:05 a.m.
Indicators
Additional Information
- Costa Rica
- South Africa
- Chile
- Colombia
- Netherlands
- Argentina
- Spain
- Italy
- Peru
- Japan
- Mexico