According to a new report from IBM’s X-Force, a widespread banking malware Grandoreiro has resurfaced in numerous new campaigns with improved functionality designed to make it a more meaningful threat.
The cybersecurity unit has been tracking several large-scale phishing campaigns since March including attacks impersonating Mexico’s Tax Administration Service, Federal Electricity Commission and Secretary of Administration and Finance, as well as the Revenue Service of Argentina and the South African Revenue Service.
“In each campaign, the recipients are instructed to click on a link to view an invoice or fee, account statement, make a payment, etc. depending on the impersonated entity.
“If the user who clicks on the links is within a specific country (depending on the campaign, Mexico, Chile, Spain, Costa Rica, Peru, or Argentina), they are redirected to an image of a PDF icon, and a ZIP file is downloaded in the background. The ZIP files contain a large executable disguised with a PDF icon, found to have been created the day prior to, or the day of the email being sent,” IBM X-Force said.
The malware has been observed since at least 2017 previously only targeting Spanish-speaking countries. The new Grandoreiro is a modular operation with the ability to target over 1500 global banking applications and websites in over 60 countries.
The latest version features updates that allow the malware to contact at least 12 different C2 domains per day. There are also new capabilities allowing it to spread more efficiently by harvesting victim data from targeted email clients.
“The updates made to the malware, in addition to the significant increase in banking applications across several nations, indicate that the Grandoreiro distributors are seeking to conduct campaigns and deliver malware on a global scale,” IBM X-Force concluded.
Emily Phelps, Director, Cyware:
“This incident underscores the need for organizations to adopt more proactive cybersecurity strategies. A collective defense approach and the implementation of cyber fusion strategies can help organizations get ahead of threats, operationalizing relevant threat insights and breaking down silos so that security teams can rapidly take action. As adversaries evolve their tactics, our collective defense must be equally dynamic and resilient.”
This highlights the fact that threat actors are taking attack code that is already out there and making them a lot more dangerous. This is why having the sort of defence that Ms. Phelps describes is the best way to stop your organization from getting pwned.
Related
This entry was posted on May 21, 2024 at 8:00 am and is filed under Commentary with tags IBM. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Global Banking Trojan Resurfaces With A Vengeance
According to a new report from IBM’s X-Force, a widespread banking malware Grandoreiro has resurfaced in numerous new campaigns with improved functionality designed to make it a more meaningful threat.
The cybersecurity unit has been tracking several large-scale phishing campaigns since March including attacks impersonating Mexico’s Tax Administration Service, Federal Electricity Commission and Secretary of Administration and Finance, as well as the Revenue Service of Argentina and the South African Revenue Service.
“In each campaign, the recipients are instructed to click on a link to view an invoice or fee, account statement, make a payment, etc. depending on the impersonated entity.
“If the user who clicks on the links is within a specific country (depending on the campaign, Mexico, Chile, Spain, Costa Rica, Peru, or Argentina), they are redirected to an image of a PDF icon, and a ZIP file is downloaded in the background. The ZIP files contain a large executable disguised with a PDF icon, found to have been created the day prior to, or the day of the email being sent,” IBM X-Force said.
The malware has been observed since at least 2017 previously only targeting Spanish-speaking countries. The new Grandoreiro is a modular operation with the ability to target over 1500 global banking applications and websites in over 60 countries.
The latest version features updates that allow the malware to contact at least 12 different C2 domains per day. There are also new capabilities allowing it to spread more efficiently by harvesting victim data from targeted email clients.
“The updates made to the malware, in addition to the significant increase in banking applications across several nations, indicate that the Grandoreiro distributors are seeking to conduct campaigns and deliver malware on a global scale,” IBM X-Force concluded.
Emily Phelps, Director, Cyware:
“This incident underscores the need for organizations to adopt more proactive cybersecurity strategies. A collective defense approach and the implementation of cyber fusion strategies can help organizations get ahead of threats, operationalizing relevant threat insights and breaking down silos so that security teams can rapidly take action. As adversaries evolve their tactics, our collective defense must be equally dynamic and resilient.”
This highlights the fact that threat actors are taking attack code that is already out there and making them a lot more dangerous. This is why having the sort of defence that Ms. Phelps describes is the best way to stop your organization from getting pwned.
Share this:
Like this:
Related
This entry was posted on May 21, 2024 at 8:00 am and is filed under Commentary with tags IBM. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.