Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe

The Grandoreiro banking trojan has reemerged in fresh phishing campaigns targeting users in Latin America and Europe, cybersecurity firm Forcepoint reports.

Active since at least 2016, the trojan initially operated in Brazil only, but started targeting Mexico, Portugal, and Spain in a series of attacks observed roughly half a decade ago.

Believed to be operating under a malware-as-a-service (MaaS) business model, part of the Tetrade umbrella, it appears to have survived law enforcement takedown attempts in 2021 and 2024, and the arrest of several of its operators.

In early 2024, Grandoreiro was seen targeting over 1,500 banking applications and websites in more than 60 countries, impersonating Argentinian, Mexican, and South African government entities.

By the fourth quarter of the year, it was targeting 1,700 banks and 276 crypto wallets, adding Asia to its list of targets and becoming a truly global financial threat.

More recently, Forcepoint observed phishing ...