Kaspersky Discovers New Variant of Grandoreiro Light

The Resilience of Grandoreiro: A Persistent Financial Threat in 2024

In the ever-evolving landscape of cyber threats, few have demonstrated the resilience and adaptability of the Grandoreiro banking trojan. Despite significant law enforcement actions that led to the arrest of key operators in early 2024, Grandoreiro continues to thrive, with new campaigns targeting financial institutions across the globe. Recent findings from Kaspersky’s Global Research and Analysis Team (GReAT) reveal a new light version of the malware specifically aimed at Mexico, targeting approximately 30 banks. These alarming developments will be highlighted at the upcoming Security Analyst Summit (SAS) 2024, underscoring the ongoing threat posed by this sophisticated malware.

A Brief History of Grandoreiro

Grandoreiro has been active since 2016, and its impact has only grown over the years. In 2024 alone, Kaspersky reported that the malware targeted more than 1,700 financial institutions and 276 cryptocurrency wallets across 45 countries and territories. Notably, the malware has expanded its reach to include Asia and Africa, solidifying its status as a truly global financial threat. With Mexico being one of the most affected countries, Kaspersky recorded a staggering 51,000 incidents attributed to various strains of Grandoreiro this year.

The Evolution of the Threat

Following a coordinated action by INTERPOL, which resulted in the arrest of several individuals linked to the Grandoreiro operation, Kaspersky discovered that the malware’s codebase had been fragmented into lighter versions. This strategic shift allows the perpetrators to continue their attacks while evading detection. The newly identified light version, focused primarily on Mexico, exemplifies this trend, as it is being used to target around 30 financial institutions.

Fabio Assolini, head of the Latin American GReAT at Kaspersky, noted, “All the recent developments underscore the evolving nature of the threat. Fragmented and lighter versions may represent a trend that could extend beyond Mexico and into other regions, including beyond Latin America.” This adaptability highlights the persistent nature of Grandoreiro and its ability to circumvent law enforcement efforts.

A Unique Operational Model

Unlike many malware operations that follow a traditional "Malware-as-a-Service" model, Grandoreiro operates under a more clandestine approach. Assolini emphasized that access to the malware’s source code appears to be limited to a select group of trusted affiliates, making it difficult for outsiders to obtain and exploit. This exclusivity contributes to the malware’s resilience and ongoing success in launching new campaigns.

Advanced Tactics and Techniques

Kaspersky’s analysis of Grandoreiro has revealed new tactics that enhance its effectiveness. For instance, the malware now records mouse activity to mimic real user behavior, thereby evading detection by machine learning-based security systems. By replaying natural mouse movements, Grandoreiro aims to deceive anti-fraud tools into perceiving its actions as legitimate.

Additionally, the malware has adopted a cryptographic technique known as Ciphertext Stealing (CTS), which Kaspersky has not previously observed in malware. This technique encrypts malicious code strings, complicating detection and analysis efforts. Assolini explained, “Grandoreiro has a large and complex structure, which would make it easier for security tools or analysts to detect if its strings were not encrypted. This is likely why they introduced this new technique – to complicate the detection and analysis of their attacks.”

Protecting Against Financial Malware

Given the persistent threat posed by Grandoreiro, Kaspersky’s security experts recommend several protective measures for organizations and individuals alike. For organizations, implementing a Default Deny policy for critical user profiles, particularly in financial departments, is crucial. This policy ensures that only legitimate web resources can be accessed, reducing the risk of infection.

Additionally, providing cybersecurity awareness training to staff, especially those in accounting roles, is essential. Training should include instructions on how to detect phishing attempts and suspicious web pages. Organizations are also encouraged to utilize protection solutions for mail servers with anti-phishing capabilities, such as Kaspersky Security for Mail Server.

For individuals, the following precautions are advised:

  • Avoid opening links or documents from unexpected or suspicious messages.
  • Be vigilant about web addresses and the details of website interfaces.
  • Use reliable security solutions, such as Kaspersky Premium, to protect against a wide range of financial cyber threats.
  • Only install applications from trusted sources and refrain from granting permissions without verifying their necessity.
  • Regularly update and patch all software used to mitigate vulnerabilities.

Conclusion

As the landscape of cyber threats continues to evolve, Grandoreiro remains a formidable adversary in the realm of financial malware. Its ability to adapt and persist, even in the face of law enforcement actions, underscores the importance of vigilance and proactive measures in cybersecurity. The comprehensive analysis of Grandoreiro presented by Kaspersky at the Security Analyst Summit (SAS) 2024 serves as a critical reminder of the ongoing battle against cybercrime and the need for robust defenses against such sophisticated threats. As we move forward, both organizations and individuals must remain informed and prepared to combat the ever-present dangers posed by malware like Grandoreiro.
