Grandoreiro malware still alive with 30 Mexican banks attacked – Kaspersky

By Andrei Skvarsky.

About 30 Mexican banks have been targeted recently by Grandoreiro malware despite the January 2024 arrest of key figures behind the highly sophisticated and dangerous malware, Russian cybersecurity company Kaspersky said.

Grandoreiro is a form of Trojan horse (or just trojan), a malware type that gives its user control of their victim’s computer and online activities and acts as spyware.

The attacked Mexican banks fell victim to a new, light version of Grandoreiro, according to a statement from Kaspersky, which said it had discovered the new strain.

According to Kaspersky data, in 2024 alone, Grandoreiro, which emerged in 2017, has attacked users of more than 1,700 banks worldwide with Asia and Africa added to its geography. The number accounted for about 5 per cent of banking trojan attacks detected by Kaspersky in 2024.

The company also said it had detected Grandoreiro attacks on 276 cryptocurrency wallets across the world this year.

Mexico has been one of Grandoreiro’s main targets, according to Kaspersky, with 51,000 attacks on the country recorded by the company this year.

Kaspersky said it had uncovered new self-protection tactics in the use of Grandoreiro in 2024. These include a code encryption technique and the use of a mouse to mimic real-user patterns in order to evade detection by artificial intelligence-based security systems.

In January 2024, five administrators behind a trojan banking operation were arrested by Brazilian police with Interpol assistance.

Kaspersky has offices in Britain, Turkey, Dubai, South Africa, Singapore, Malaysia, Japan, the United States, Mexico and Brazil besides its headquarters in Moscow.
