Despite the arrest of important operators in early 2024, Grandoreiro continues to be used by its partners in new campaigns. Kaspersky Global Research and Analysis Team (GReAT) has discovered a new light version focused on Mexico targeting around 30 banks.
Remaining one of the most active threats globally and targeting users of more than 1,700 banks, Grandoreiro variants account for around five percent of banking trojan attacks this year. Mexico is one of the most targeted countries by various Grandoreiro strains, including the new light version, seeing 51,000 recorded incidents this year.
Kaspersky data indicates Grandoreiro has been active since 2016. In 2024, the threat targets more than 1,700 financial institutions and 276 cryptocurrency wallets across 45 countries and territories, lastly adding Asia and Africa to the list of its targets, making it a truly global financial threat. Among countries affected in Africa are Algeria, Angola, Ethiopia, Ghana, Ivory Coast, Kenya, Mozambique, Nigeria, South Africa, Tanzania, Uganda.
