Brazil is well known for the many banking Trojans developed by local criminals; its underground hosts some of the most active and creative cybercriminals in the world. Like their counterparts in China and Russia, their attacks have a strong local flavour and were for a long time confined to customers of Brazilian banks. That is changing: these operations are now expanding aggressively beyond the country's borders and attacking banks elsewhere. Tetrade is the name (coined by Kaspersky) for four large families of banking Trojans created, developed and spread by Brazilian cybercriminals, now on a global scale.

The Trojans we look at today are the main families that make up Tetrade. We start with Grandoreiro, a family of banking Trojans that began operating in Brazil and later moved into Western Europe. Our always reliable Kaspersky has tracked Grandoreiro campaigns since at least 2016, and the attackers have steadily improved their techniques to stay undetected and active for longer. Based on the company's analysis of these campaigns, Grandoreiro appears to operate as a malware-as-a-service (MaaS) project. Since January 2020, Kaspersky's telemetry shows Grandoreiro attacking mainly Brazil, Mexico, Spain, Portugal and Turkey, but this target list may be temporary; whether it will expand further is not known.

Melcoz is the other most active family. One of the Tetrade families, it has been active since at least 2018. The malware is typically delivered as MSI files that embed AutoIt or VBS scripts; those scripts launch malicious DLLs through DLL hijacking (placing a DLL where a legitimate, trusted executable will load it instead of the real library), which helps it bypass security solutions. Melcoz steals passwords from browsers and from the device's memory and gives the operator remote access so they can take over an internet-banking session. It also includes a module for stealing Bitcoin wallets. Although this family has not yet been distributed to as many countries as Grandoreiro, we cannot rule out further expansion, as we saw with that family.
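The delivery chain described above (an MSI that runs an AutoIt or VBS script, which in turn gets a malicious DLL loaded via DLL hijacking) is something a blue team can hunt for in endpoint telemetry. The script below is an added example written for this page, not Kaspersky's or any vendor's detection logic and not a Melcoz indicator list. It runs simple heuristics over constructed process-creation and image-load events shaped loosely like Sysmon events; the event field names, the paths, the process names and the set of "normally in System32" DLL names are all assumptions chosen to exercise the rules, and a real deployment would replace them with the organisation's own telemetry schema and a vetted list.

```python
"""Heuristic triage for an MSI -> script host -> DLL-hijack execution chain.

Added example for illustration; event layout, paths and DLL names below are
assumptions, not real Melcoz artefacts or a vendor's rule set.
"""
import ntpath  # handles Windows paths correctly even when run on Linux

# Script interpreters commonly launched by installers in this kind of chain.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "autoit3.exe"}

# Substrings that mark user-writable locations (assumed list).
USER_WRITABLE_MARKERS = (
    "\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\",
)

# Illustrative names of DLLs that a trusted binary normally resolves from
# System32. Seeing one loaded from elsewhere is a classic search-order
# hijack sign. This set is an assumption for the example.
SYSTEM_DLL_NAMES = {"version.dll", "dwmapi.dll", "uxtheme.dll", "cryptsp.dll", "wininet.dll"}

# Constructed sample telemetry (not real logs): a suspicious chain plus benign noise.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4100, "ppid": 3900,
     "image": r"C:\Windows\System32\msiexec.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r"msiexec.exe /i C:\Users\alice\Downloads\comprovante.msi /qn"},
    {"type": "process", "pid": 4200, "ppid": 4100,
     "image": r"C:\Windows\System32\wscript.exe",
     "parent_image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"wscript.exe C:\Users\alice\AppData\Local\Temp\inst.vbs"},
    {"type": "process", "pid": 4300, "ppid": 4200,
     "image": r"C:\Users\alice\AppData\Roaming\Updater\updater.exe",
     "parent_image": r"C:\Windows\System32\wscript.exe",
     "cmdline": "updater.exe"},
    {"type": "imageload", "pid": 4300,
     "image": r"C:\Users\alice\AppData\Roaming\Updater\updater.exe",
     "loaded": r"C:\Users\alice\AppData\Roaming\Updater\version.dll"},
    # Benign: an ordinary MSI install loading the real version.dll from System32.
    {"type": "process", "pid": 5000, "ppid": 3900,
     "image": r"C:\Windows\System32\msiexec.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r"msiexec.exe /i C:\Users\alice\Downloads\tool.msi"},
    {"type": "imageload", "pid": 5000,
     "image": r"C:\Windows\System32\msiexec.exe",
     "loaded": r"C:\Windows\System32\version.dll"},
]


def _name(path):
    return ntpath.basename(path).lower()


def _in_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def _under_windows(path):
    return path.lower().startswith("c:\\windows\\")


def ancestry(pid, procs):
    """Image basenames from pid upward through the recorded parent chain."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(_name(procs[pid]["image"]))
        pid = procs[pid]["ppid"]
    return chain


def analyze(events):
    """Return a list of findings; each is {"rule", "pid", "detail"}."""
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    findings = []
    for e in events:
        if e["type"] == "process":
            img, parent = _name(e["image"]), _name(e["parent_image"])
            # Rule 1: the installer itself spawns a script interpreter.
            if img in SCRIPT_HOSTS and parent == "msiexec.exe":
                findings.append({"rule": "msi_spawns_script_host", "pid": e["pid"], "detail": e["cmdline"]})
            # Rule 2: a script host launches an executable from a user-writable directory.
            if parent in SCRIPT_HOSTS and _in_user_writable(e["image"]):
                findings.append({"rule": "script_host_launches_user_dir_exe", "pid": e["pid"], "detail": e["image"]})
        elif e["type"] == "imageload":
            loaded = e["loaded"]
            # Side-loading: DLL sits next to the process image in a user-writable directory.
            side_loaded = (ntpath.dirname(loaded).lower() == ntpath.dirname(e["image"]).lower()
                           and _in_user_writable(loaded))
            # Name collision: a System32-named DLL resolved from outside C:\Windows.
            name_collision = _name(loaded) in SYSTEM_DLL_NAMES and not _under_windows(loaded)
            if side_loaded or name_collision:
                findings.append({"rule": "dll_hijack_candidate", "pid": e["pid"], "detail": loaded})
                # Rule 4: correlate with the parent chain to raise confidence.
                chain = ancestry(e["pid"], procs)
                if "msiexec.exe" in chain and SCRIPT_HOSTS & set(chain):
                    findings.append({"rule": "full_chain_msi_script_dll_hijack",
                                     "pid": e["pid"], "detail": " <- ".join(chain)})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"{f['rule']:40} pid={f['pid']} {f['detail']}")
```

Each rule on its own is noisy (installers legitimately spawn scripts, and software does load private copies of DLLs), which is why the last rule only fires when a hijack candidate's ancestry contains both msiexec.exe and a script host; that combined signal is what a hunter would page on, while the single-rule hits are better suited to enrichment or a lower-severity queue.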

More topics:
IcedID dangerous banking trojan
Trickbot malware that steals banking credentials
Bizarro dangerous new banking Trojan


One comment on "Tetrade family of banking Trojans"
