Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation Grandoreiro

A new banking trojan known as Grandoreiro was discovered targeting entities in Brazil, Mexico, Spain, and Peru. The threat actor behind the attacks is known to use counterfeit websites mimicking fake Java or Flash updates and recently added the COVID-19 pandemic to their arsenal. The initial infection vector is distributed through spam emails with malicious links to direct users to the fake sites. The malicious software is capable of exfiltrating a range of sensitive data including keystrokes, system information, a list of installed security products, and determine if the popular online banking application Diebold Warsaw GAS Tecnologia is installed.
Name Modified Date Sources
Operation Grandoreiro 2020-05-21