Another in our occasional series demystifying Latin American banking trojans In this installment of our series, we introduce Grandoreiro, a Latin American banking trojan targeting Brazil, Mexico, Spain and Peru. As such, it shows unusual effort by its authors to evade detection and emulation, and progress towards a modular architecture. We have seen Grandoreiro being … More Grandoreiro: How engorged can an EXE get?
An email, pretending to be a reminder from An Post to renew the TV Licence, leads to a phishing website that steals payment card details. An email from a Brazil-linked address has been landing in Irish mailboxes lately, claiming to come from An Post, the subject stating “Your TV Licence is about to expire”: “Dear … More TV Licence scam email targeting Ireland
Número dois in our series demystifying Latin American banking trojans. Most reverse engineers would agree that quite often one can learn something new on the job. However, it is not every day you learn how to cook a delicious meal while analyzing malware. This unique experience is provided by a malware family we discuss in … More Casbaneiro: Dangerous cooking with a secret ingredient
The scam circulated through WhatsApp aimed at users in Brazil claiming that Nike will give away the jersey that the team will wear at FIFA World Cup Russia 2018. With ten days to go before the FIFA World Cup begins in Russia, cybercriminals are trying to take advantage of the event by tricking people into providing personal … More False contest to win jersey of the Brazilian team found on WhatsApp
ESET researchers noticed a huge outbreak of a new Spy.Banker variant, detected as Spy.Banker.ADEA. Nemucod has previously been one of the most detected malwares in Ireland. On the morning of Friday August 12th, at around 12pm CET this new variant was spotted in Brazil. Similar to previous ones used by other banking trojans in South America, … More Nemucod now spreading banking trojans