Security Alert: The attacks of a trojan bankingdenominated Grandoreiromultiplied massively in Mexico and, in the last one, infected more than 31 thousand companies and users, revealed the cybersecurity firm Kaspersky.
It revealed that in 2023, banking Trojan attacks – in general – registered a increase of 50% in the region of Latin Americawith an increase record 41% in Mexican territory.
Through the report The Threat Panorama for Latin Americapointed out that a large part of these attacks come from Trojans or virus created in Brazilamong which stands out Grandoreirodue to its capacity to spread and effects.
He specified that said Trojan of a malware what rubber access credentials and passwordsas well as data from accounts o cards from any financial institution: banks, fintechs, cooperativesboxes of saving y companies that issue cards credit or that use new systems of paid.
“Grandoreiro is one of the many families of Brazilian Trojans that have global reach, thanks to the fact that they operate under a business known as Malware-as-a-Service (MaaS), That is, they have local partners to whom they sell access to the malware to use it in different attacks,” he noted.
“In the last two years, Mexico has been the second country in the world most attacked by Grandoreiro, after Brazil. In 2022, experts recorded 14 thousand attacks, while in 2023 the figure doubled to more than 31 thousand attacks.
“This malware has been one of the most active in the country, to the extent that it already represents 20% of all banking Trojan attacks detected.”
— Threat Landscape Study for Latin America
Be careful with your email
Kaspersk indicated that the email is the main way of infection cyber trojan Grandoreirothrough the sending of messages loaded with payment receipts and salaries, which violate the security of the teams.
“Los criminals send these e-mails in the name of different companies recognized, with supposed proof digital payment. The messages include a link and, with the use of social engineering, trick the user into doing clic and download to your computer a folder zip.
“This contains a executable file (loader) that analyzes the equipment of the victim and, upon confirming that it is a target of interest, it will install the Trojan, the cybersecurity form explained.
What happens if a Trojan infects my computer?
Kaspersky detailed that, once the computer or mobile device is infected, the malware can act with different techniques to steal both the financial information of the victims as their money.
For example:
- You can place a login window false on a financial institution’s actual site, for people to enter their usernames there, account numbers y passwords.
- Obtains said data remotely with tools that record everything clicked on the device. keyboardtoma Photos o videos from the screen.
- Capture the codes of check that the banks and other companies have implemented to confirm an online transaction.
- To take the money of stolen accounts, the criminals who operate Grandoreiro use washing mulesthat is, they hire ordinary people to receive the amount in their bank accounts personal.
- They also use applications shipment of money in which they can link the stolen accounts and make transfersor directly remove the cash of ATMs.
New wave Grandoreiro in Mexico
Through a collaboration between Kaspersky and Interpolallowed us to collect precise data on the operation of Grandoreirowhich helped Brazilian authorities arrest administrators who were behind an operation of this malware.
Unfortunately, he indicated, this does not mean that his activity has ended, since the Global Analysis and Research Team of Kaspersky identified a new variant of the Trojan, which is responsible for a wave of eight thousand 100 attacks and victims in Mexico, between January and April 2024.
“The experts identified that the emails sent by criminals have begun to use the Digital tax receipt by Internet (CFDI), a bill electronic system that guarantees the transactions carried out by both users and companies in the country.
“And, for this year, it is expected that the cybercriminals increase their attacks on Mobile banking and the payment systems in real time, given their greater adoption by companies and users, in addition to the fact that they also facilitate the activity cybercriminal”explained Kaspersky.
Data about Grandoreiro
Kaspersky reported that:
- Grandoreiro has been active since 2016.
- Between 2022 and 2023, worldwide, more than 150 thousand were registered victims.
- Today it has more than 900 in its sights financial institutions in more than 40 countries.
#steals #money #data #Publimetro #México
2024-04-25 17:11:34