Malware variant targeting banks discovered

NGUYỄN ĐĂNG |

Variants of the Grandoreiro malware are becoming one of the major threats worldwide.

At the Security Analyst Summit (SAS) 2024, Kaspersky's Global Research and Analysis Team (GReAT) revealed a remarkable discovery: A Lite version of the Grandoreiro malware is targeting around 30 banks in Mexico.

Grandoreiro is currently one of the top threats in the banking security space, having targeted more than 1,700 banks and accounting for 5% of all banking trojan attacks globally this year.

Mexico is one of the hardest hit countries, with over 51,000 attacks involving Grandoreiro variants, including the aforementioned Lite version.

According to cybersecurity experts, cybercriminals have split Grandoreiro's source code into lightweight trojan versions (malware disguised as useful software or applications) to deploy new attack campaigns.

“When you look at all the malware that has been developed recently, it is not difficult to see that the threat landscape is becoming increasingly complex. The lightweight versions could signal a trend of attacks spreading outside of Latin America,” explains Fabio Assolini, head of Kaspersky’s Global Research and Analysis Team (GReAT) for Latin America.

Different variants of Grandoreiro, including the original malware and the lite version, accounted for about 5% of global banking attacks using the trojan detected by Kaspersky in 2024. This shows that Grandoreiro variants have become one of the most powerful threats worldwide.

Since 2024, Kaspersky has also analyzed new variants of the Grandoreiro malware and discovered that criminals are applying many new attack tactics.

For example, malware will record computer mouse activity to simulate real user behavior patterns, in order to bypass security systems based on machine learning to analyze behavior.

By simulating natural movements similar to a real user swiping a computer mouse, malware can “trick” anti-phishing tools and detect unusual behavior in the system.

Additionally, Grandoreiro uses an encryption technique that cybersecurity experts have never encountered in previous malware, making it difficult to detect and analyze cyber attacks.

According to data from Kaspersky, the Grandoreiro malware has been active since 2016.

By 2024, the threat had targeted more than 1,700 financial institutions and 276 cryptocurrency wallets across 45 countries and territories.

Most recently, Asia and Africa have been added to Grandoreiro's target list; Grandoreiro has truly become a global financial threat.

NGUYỄN ĐĂNG
RELATED NEWS

Hundreds of workers collectively stop working to petition about welfare regimes

|

Thanh Hoa - Hundreds of workers at Long Yi Vietnam Footwear Co., Ltd. have collectively stopped working to petition about welfare regimes.

Fireworks schedule in Ho Chi Minh City tonight July 2nd

|

Fireworks schedule in Ho Chi Minh City on the evening of July 2nd at 16 locations to celebrate the 50th anniversary of the city named after Uncle Ho.

Forecast area at risk of widespread heavy rain due to the impact of storm No. 1 coming soon

|

It is forecast that the tropical depression is about to strengthen into storm No. 1. From the night of July 3, the Northeast region and Thanh Hoa are likely to experience a widespread heavy rain.

HCMC must glorify Uncle Ho's name with new achievements

|

Ho Chi Minh City must glorify Uncle Ho's name with new achievements, new values, and new contributions to development.

Red Trade Union - the core uniting the worker force in the early years of the revolution

|

On February 3, 1930, the Communist Party of Vietnam was established. Under the leadership of the Party, the Red General Confederation of Labor gathered the force of workers and boatmen, the main force of the Vietnamese revolution, creating the Xo Viet Nghe Tinh rise 1930-1931.

Phát tán mã độc chiếm đoạt dữ liệu, hưởng lợi chục tỉ đồng

Việt Dũng |

Nguyễn Văn Anh cùng đồng phạm phát triển mã độc, dùng thủ đoạn vờ tuyển dụng nhân sự dụ cho nạn nhân sập bẫy, rồi chiếm đoạt dữ liệu của họ.

Lừa đảo đặt phòng, chủ homestay mất tiền cọc vì link mã độc

nhóm pv |

Lợi dụng tình trạng khan hiếm phòng nghỉ dịp lễ 2.9, các đối tượng lừa đảo đã mạo danh khách sạn, homestay trên mạng xã hội để lừa tiền đặt cọc.

Gia tăng ồ ạt các đợt tấn công bằng mã độc tống tiền

Cẩm Hà - Khánh An |

Chỉ trong ít tháng đầu năm, thống kê của Cục An toàn thông tin (Bộ Thông tin và Truyền thông) cho thấy có hơn 300.000 nguy cơ tấn công mạng nhằm vào các hệ thống thông tin trên toàn quốc. Hệ thống của Trung tâm Giám sát không gian mạng quốc gia - NCSC cũng ghi nhận hơn 13.000 sự kiện an toàn thông tin liên quan đến mã độc ransomware trên các hệ thống thông tin.