Grandoreiro Trojan Strikes Back: Now Targeting Global Banks in Over 60 Countries

Just when you thought it was safe, the Grandoreiro banking trojan has staged a comeback, now targeting over 1,500 banks across 60 countries. IBM’s X-Force reports that this revamped malware beast is not just back—it’s bigger, badder, and sneakier than ever! Watch your inboxes, folks;…

Hot Take:

Just when you thought it was safe to trust your inbox again, Grandoreiro, the banking trojan, is back like a bad sequel nobody asked for. This pesky malware has undergone a makeover and is now eyeing banks globally after a brief stint in cyber-jail. Pack up your digital valuables, folks—Grandoreiro is on a world tour!

  • Grandoreiro was dismantled in January but is now back targeting over 1,500 banks in 60 countries.
  • The malware avoids certain countries and skips outdated Windows 7 devices in the US that have no antivirus installed.
  • It has been upgraded with sneaky new features like string decryption, a fancy domain generation algorithm (DGA), and the ability to send phishing emails through Microsoft Outlook on infected hosts.
  • Grandoreiro operates on a malware-as-a-service model, aiming to infect as many victims as possible.
  • The best defense? Keep your digital eyes peeled on all incoming emails. Vigilance is key!

Need to know more?

The Great Escape and Comeback

Imagine dismantling a notorious bank-robbing gang only to find them opening a new branch overseas. That’s Grandoreiro for you! Earlier this year, the Federal Police of Brazil, along with a host of international law enforcers and tech wizards, thought they had put an end to this financial menace. Fast forward a couple of months, and voilà, it’s back with a passport full of stamps and a hit list that includes over 1,500 banks worldwide.

Malware Without Borders

Grandoreiro’s new strategy is less about stealth and more about spreading its tentacles far and wide. The trojan’s travel itinerary excludes Russia, Czechia, Poland, and the Netherlands, and it seems to have a no-fly list for outdated US-based Windows 7 machines, especially those lacking antivirus armor. It’s like the malware version of that picky friend who won’t eat at certain restaurants.

Phishing with a Net(work)

The researchers at IBM’s X-Force have been peeking under Grandoreiro’s hood and they’ve noticed some shiny new upgrades. This isn’t your grandma’s malware; it now uses string decryption and a domain generation algorithm (DGA) to stay one step ahead of cybersecurity sleuths. Plus, it’s gotten really good at fishing—phishing, that is. By exploiting Microsoft Outlook on infected hosts, Grandoreiro sends out phishing emails like party invites nobody wants.

Outlook Not So Good

Speaking of Outlook, Grandoreiro has a clever trick up its sleeve. It uses the Outlook Security Manager tool to bypass security alerts triggered by the Outlook Object Model Guard. This is kind of like using a fake ID to get past security at a concert—except the consequences involve more than just a hangover.

Defensive Measures

As always, the best weapon against such digital trickery is a good dose of skepticism. Treat every unexpected email like that distant cousin who suddenly calls you up asking for a loan. If something smells phishy, it probably is. Stay vigilant, update your software, and maybe don’t click on that email from the “bank” asking for your password, okay?

So, while Grandoreiro might be planning its global heist, being aware and prepared could make all the difference. Keep your digital doors locked and maybe install a peephole or two. Cybersecurity is no joke, but a little humor helps when dealing with bank-robbing malware comebacks!
