Attack on Poles' accounts. Grandoreiro will shave you down to nothing in no time
A dangerous Trojan called Grandoreiro returns with a vengeance and steals our money from our account. Its traces were also found in Poland.
In January 2024, a joint operation of officers from Brazil, Spain and Interpol, as well as specialists from ESET and Caixa Bank led to the arrest of several people associated with a dangerous Trojan. It operated primarily in Spanish-speaking countries and contributed to the theft of approximately $120 million. Now it is coming back with a vengeance, also in Poland.
The dangerous Grandoreiro Trojan is also lurking for Poles
IBM's X-Force Group reports that Grandoreiro is back and with a vengeance. Its activity was detected again in March 2024. It was probably shared with other cybercriminals in the form of MaaS (Malware-as-s-Service). This time, its traces were noticed in several dozen countries, including Poland.
According to experts, the Trojan has undergone several changes. In short, it has been significantly improved and offers additional, extremely dangerous features that make stealing money even easier. Malware is distributed using phishing campaigns in which criminals impersonate government institutions and energy companies. The messages are written in the victims' native language, which further increases their effectiveness.
There is a PDF attachment in the messages. After running it, a ZIP file of approximately 100 MB is automatically downloaded, which contains malicious software. What's more, Grandoreiro can disable Microsoft Outlook security and send the message to other people. Recently, traces of it have been detected in, among others, Poland, the Czech Republic, Russia and the Netherlands.
