Bitcoin Forum
Author Topic: [Warning]: Grandoreiro banking trojan/malware evolves to target crypto wallets  (Read 64 times)
Dave1 (OP)
May 23, 2024, 11:27:17 AM
Merited by DdmrDdmr (2), tabas (1), Yaunfitda (1), TravelMug (1), btc_angela (1), Baofeng (1), cryptomaniac_xxx (1)
 #1

It seems that the cyber criminals behind the banking trojan Grandoreiro are back, but this time it has evolved and targets cryptocurrency as well. What's dangerous is that it focuses on Latin American countries, and now also on their list are Africa, Europe, and the Indo-Pacific.

And in this campaign, the cyber criminals sent an email with a link to view an invoice or fee, account statement, make a payment, etc., depending on the impersonated entity.



Sample1 email that the targeted victim received.

Or another email like this,



So initially, it will check if the machine is not on the sandbox and collect the following information:

  • Computer name
  • Username
  • OS version information
  • Installed Antivirus solution
  • Country of the victim’s public IP (via http://ip-api.com/json)
  • List of running processes

And what a clever trick, they are going to bloat their payload by more than 100 MB so that AV will skip it.

After that, when it fetches everything from the C2 server, their command and control, it will go and profile their victims, including crypto-related wallets and exchanges and accounts.



https://securityintelligence.com/x-force/grandoreiro-banking-trojan-unleashed/

-So again the rule of thumb, do not click any links in your email, especially attachments and you don't know the source.
-Update your AV and OS
-And again, we should always protect our account/password/crypto wallets. There is nothing more than educating ourselves about this kind of attack, as obviously we are the heavy target.

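One way a defender can triage for the size-padding trick described in the post above, as an added example that is not part of the original post or the linked report. It assumes the padding is highly compressible filler; the 10% cut-off, the `MZ` check for Windows executables and all function names are illustrative choices, and the sample files are constructed.

```python
import os
import tempfile
import zlib

BLOAT_MIN_SIZE = 100 * 1024 * 1024  # "more than 100 MB", the figure from the post
MAX_RATIO = 0.10  # assumed cut-off: file compresses to under 10% of its size


def compressed_ratio(path, chunk_size=1 << 20):
    """Stream the file through zlib; return compressed size / original size."""
    comp = zlib.compressobj(level=1)
    total_in = total_out = 0
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            total_in += len(chunk)
            total_out += len(comp.compress(chunk))
    total_out += len(comp.flush())
    return total_out / total_in if total_in else 1.0


def is_padded_executable(path, min_size=BLOAT_MIN_SIZE, max_ratio=MAX_RATIO):
    """True for a large 'MZ' (Windows executable) file that is mostly filler."""
    if os.path.getsize(path) < min_size:
        return False
    with open(path, "rb") as fh:
        if fh.read(2) != b"MZ":
            return False
    return compressed_ratio(path) <= max_ratio


def demo(scale=1 << 20):
    """Constructed samples, scaled down from 100 MB to 1 MiB to run quickly."""
    samples = {
        "padded": b"MZ" + os.urandom(64 * 1024) + b"\x00" * scale,  # body + filler
        "dense": b"MZ" + os.urandom(scale),  # large, but no filler
    }
    verdicts = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name + ".bin")
            with open(path, "wb") as fh:
                fh.write(data)
            verdicts[name] = is_padded_executable(path, min_size=scale)
    return verdicts


if __name__ == "__main__":
    print(demo())  # constructed samples only
```

A file flagged this way is only a candidate for closer inspection: legitimate installers can also be large and compressible, so the verdict should feed a manual or sandbox review rather than an automatic block.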
Ojima-ojo
May 23, 2024, 11:38:45 AM
 #2

What I do is never to click any links unless I order for an email confirmation on any of my accounts. Most times the gullible folks are the most victims because they can easily trust and click on any links; some of them even go as far as creating accounts through the link with the same email and a password they use on other of their accounts, without minding to know what the trust level of the sites and the level of security which may come from the back door.

_act_
May 23, 2024, 12:04:32 PM
 #3

Quote
-So again the rule of thumb, do not click any links in your email, especially attachments and you don't know the source.

You can still click on some links in your email. An example is if you register on a gambling site and the site sent you an email to click on for verification. What I like is what you concluded it with, that the links that you do not know about and the ones that you do not initiate yourself, like the gambling site verification email that I explained, do not click on them. Even if the email is from a site like the exchanges that you are using, do not click on it because it may be from scammers or hackers using an email almost similar to that of the site that you are.

Quote
-Update your AV and OS

Prevention is better than cure, right? I prefer to prevent installing malware instead. Preventing it is not hard if you know what you are doing.

Quote
-And again, we should always protect our account/password/crypto wallets. There is nothing more than educating ourselves about this kind of attack, as obviously we are the heavy target.

If you have a huge amount of money in your wallet, use a cold wallet instead of a hot wallet. For a small amount you can use a hot wallet and avoid malware.

NotATether
May 23, 2024, 01:09:47 PM
 #4

It should go straight into the spam folder and it should go without saying that nobody should be clicking on random messages from people you don't even know. If you didn't sign up to a mailing list and this person is not in your contacts, you should be extra suspicious of the message.


Among the major email providers, I don't know any that do not catch this sort of phishing attempt.

Churchillvv
May 23, 2024, 02:12:44 PM
 #5

Bitcoin and/or crypto enthusiasts are always a big target for every cyber attack. Since I have my email used on several sites out of ignorance of how vulnerable it could be if exposed, I got a lot of messages that seem very suspicious.

Since I already got information about such attacks here in the forum, I literally don't give attention to any unsolicited emails. And sometimes my email provider usually does a great job by pushing most into the spam category, where I would likely not reach when going through my mail.

Basically, whenever I receive mails, whether from an official site, I don't click on them in a hurry because I know there are guys out there who get information from our devices without our knowledge and can be very tricky by sending a phishing link alongside an expected email from any site, like banking app emails etc. Hence, when our ignorant fellows hit the links, it automatically shares the necessary information that the scammers and/or hackers are looking for.

Anyways, thanks for sharing with us and keep an eye on the latest information concerning cyber attacks.

PrivacyG
May 23, 2024, 02:29:46 PM
 #6

I suppose there is one thing everybody should know and do.

Stop using the computer you have stored your Cryptocurrency Wallets on for other purposes than just Spending, Receiving and checking Balance or doing other Wallet related actions.

Even without this Grandoreiro virus existing, it is still bad practice to use Wallets and other Software on the same computer. You are risking your Bitcoin out of laziness and then you are the same guy who whines about losing their Coins. Be smart, start working on a better Security practice.

btc_angela
May 23, 2024, 02:51:28 PM
Merited by Dave1 (1)
 #7

What's with the attack on LAT-AM though? It seems that there are a lot of groups around that region and that it's their primary target, and then they ventured into some other regions? As if they are all testing it out first there? Maybe it's because of the law of laws or banking systems are not that well equipped and vulnerabilities are easily spotted by these groups and so they take advantage?

Anyhow thanks for this warning, and as we all know there are a lot of members here who are from that region.

And yes, as crypto investors, we should be refraining from clicking any links.

albon
May 23, 2024, 08:15:50 PM
 #8

The field of cryptocurrencies has become more prosperous than before. It includes vast communities of international investors and traders who engage with their emails on various platforms, projects, airdrops, etc. When a hacker seizes and obtains a user database from one of the companies and platforms, you will undoubtedly find that they send phishing emails to the victims' email addresses containing malicious links or attachments that are often injected with Trojans like Grandoreiro Banking.

Therefore, it is highly recommended not to expose your primary email address to the public and to completely ignore any links or attachments in emails, even if they are in the Inbox and not in Spam. Hastily downloading an attachment and running it on a device containing essential data and crypto wallets could have severe consequences.

tabas
May 23, 2024, 10:08:00 PM
Merited by Dave1 (1)
 #9

Thanks Dave. Many need to see this, mostly those people that are not aware of whatever they're clicking on in their emails, especially the ones that contain a link. I still receive such emails today and I don't think that they will ever stop unless they change their paths and these scammers/hackers get back to the rightful way of living.

Quote
It should go straight into the spam folder and it should go without saying that nobody should be clicking on random messages from people you don't even know. If you didn't sign up to a mailing list and this person is not in your contacts, you should be extra suspicious of the message.

Among the major email providers, I don't know any that do not catch this sort of phishing attempt.

Yea, my Yahoo email typically sends this kind of email to the Spam folder and those links will not be clickable. And at the top of the email, there is this small warning which I think they need to bold more or make its font color red.

Quote
For your security we disabled all images and links in this email. If you believe it is safe to use, mark this message as not spam.
