Grandoreiro Banker Spreads Through Fake Coronavirus Videos

✨ Megiddo

ESET analysts have warned of a surge in the activity of the banking Trojan Grandoreiro against the backdrop of the ********* pandemic.

Experts write that Grandoreiro, which is written in Delphi, was previously distributed mainly through spam, via fake messages about the need to update Java or Flash. But now ESET experts have found that the banker, active since 2017, has been parasitizing the ********* pandemic: it began to hide in videos on fake sites that promise to provide users with some sensational data on coronavirus. When a user tries to play a video on such a resource, the malware download starts on the user's device.

Among the functions of the Grandoreiro malware are: window manipulation, self-updating, keylogging, emulation of mouse and keyboard actions, control of the victim's browser and navigation to selected URLs, as well as restarting the device and blocking access to certain websites.

The trojan collects various information about compromised devices: computer name, username, version of the operating system. It checks whether an application for protecting access to online banking is installed and gets a list of installed security products. Some versions of Grandoreiro are also capable of stealing credentials stored in Google Chrome and Microsoft Outlook.


Unlike other banking trojans, Grandoreiro uses fairly small networks to spread. For different campaigns, different types of downloaders are selected, which are often stored in well-known public services such as GitHub, Dropbox, Pastebin, 4shared or 4Sync.

Researchers note that the banker is still focused primarily on users from Latin American countries: Brazil, Mexico, Spain and Peru.
 