Banking Trojan Campaigns Targeting Latin America and Europe with Grandoreiro and BTMOB
Patch: Update antivirus signatures to block Grandoreiro and BTMOB on Windows and Android endpoints, and monitor for banking trojan activity in Spain, Portugal, Mexico, and Brazil.
Summary
WatchGuard and ESET have uncovered two coordinated banking trojan campaigns that target Windows and Android devices in Latin America and Europe. The Windows trojan, named Grandoreiro, is designed to steal banking credentials from victims in Spain, Portugal, and Mexico. The Android trojan, BTMOB, infects mobile users in Brazil and harvests banking information from their devices. Both malware families use sophisticated delivery mechanisms, including malicious links and compromised websites, to bypass endpoint protection. The campaigns single out corporate targets, indicating a targeted threat actor with financial motives. Security teams should update antivirus signatures for Grandoreiro and BTMOB and monitor for suspicious banking activity in the affected regions. The findings highlight the need for continuous threat intelligence and region-specific monitoring. Organizations in the targeted countries should also review their mobile device management policies.
Key changes
- Grandoreiro targets Windows banking credentials in Spain, Portugal, and Mexico
- BTMOB targets Android banking credentials in Brazil
- WatchGuard and ESET identified the campaigns
- Both use malicious links and compromised websites for delivery
- The campaigns specifically target corporate accounts
- Security teams should update signatures and monitor for suspicious activity
- The threat underscores the need for region-specific monitoring