
ESET participates in global operation to disrupt the Grandoreiro banking trojan


…cluster, which accounts for 93.6% of all C&C servers and 94% of all victims, includes a wide variety of dga_ids, indicating the extensive reach of Grandoreiro. In contrast, the smallest cluster, with only one dga_id, accounts for 1.6% of C&C servers and 1.1% of victims.

The collaboration between ESET and the Federal Police of Brazil to disrupt the Grandoreiro botnet was a significant success. ESET’s technical analysis and data provided crucial information for identifying and arresting the individuals in control of the botnet’s servers. This joint effort highlights the importance of public-private partnerships in combating cybercrime.

Grandoreiro, a Latin American banking trojan, has been actively targeting Brazil, Mexico, and Spain since at least 2017. Its initial focus was on Brazil and Mexico, but in recent years, it expanded its operations to include Spain. However, in 2023, there was a clear shift in focus towards Mexico and Argentina.

The banking trojan’s functionality has remained relatively unchanged since 2020, with the exception of new domain generation algorithm (DGA) logic. Grandoreiro’s modus operandi involves monitoring web browser processes to initiate communication with its C&C server when bank-related strings are detected. Once a victim’s machine is compromised, the malware enables various malicious activities, such as logging keystrokes and displaying fake pop-up windows to steal the victim’s money.

ESET’s automated systems have been tracking Grandoreiro’s activities since 2017, extracting crucial information such as version details, C&C servers, and DGA configurations. The DGA configuration, hardcoded in the malware’s binary, generates multiple domains that resolve to active C&C server IP addresses. The abuse of No-IP’s Dynamic DNS service and cloud providers like AWS and Azure further complicates efforts to disrupt the botnet.

Despite the challenges posed by Grandoreiro’s constantly evolving nature, ESET’s long-term tracking systems have continued to monitor the banking trojan’s activities. The collaboration with the Federal Police of Brazil is a testament to the effectiveness of ESET’s expertise and resources in contributing to law enforcement efforts.

Furthermore, ESET’s research has revealed the clustering of DGA configurations and their associated dga_ids, providing valuable insights into Grandoreiro’s infrastructure. The data obtained from tracking the botnet’s activities has shed light on the extensive reach of Grandoreiro and the complexities involved in dismantling its operations.

In summary, ESET’s collaboration with the Federal Police of Brazil to disrupt the Grandoreiro botnet has demonstrated the value of public-private partnerships in combating cybercrime. The ongoing efforts to track and analyze the activities of banking trojans like Grandoreiro are essential in protecting individuals and organizations from the threats posed by such sophisticated malware. By leveraging technical expertise and data analysis, ESET continues to play a crucial role in identifying, disrupting, and ultimately dismantling malicious cyber operations.
