JAKARTA - Kaspersky has just revealed a new variant of the Grandoreiro banking Trojan, a lighter version that remains active even though the main operator was arrested in early 2024.

In its latest analysis, Kaspersky identified a lightweight version of the Trojan that targets about 30 banks in Mexico; the finding is one of the main highlights of the 2024 Security Analyst Summit.

Grandoreiro has been active since 2016 and has grown into a global threat, targeting 1,700 banks and 276 crypto assets in 45 countries. In Mexico alone, there were 51,000 incidents related to this Trojan throughout 2024.

Kaspersky's research team found that the group behind Grandoreiro has split its code base into smaller, fragmented versions to continue its attacks.

"We believe that only a few trusted affiliates have access to the malware source code to develop the lighter version," said Fabio Assolini, head of Latin American GReAT at Kaspersky.

In addition, the global cybersecurity company revealed that the Trojan has adopted new cryptographic techniques, such as Ciphertext Stealing (CTS), to encrypt its malicious code and avoid detection, and even to trick anti-fraud devices.

Although Grandoreiro does not operate under a "Malware-as-a-Service" model, Fabio explained, access to the source code appears limited to some trusted affiliates.

Kaspersky is still monitoring the development of this threat and will present a complete analysis at the Security Analyst Summit 2024 in Bali.

