Arrests of members of Tetrade seed groups Grandoreiro and Melcoz

Spain’s Ministry of the Interior has announced the arrest of 16 individuals connected to the Grandoreiro and Melcoz (also known as Mekotio) cybercrime groups. Both groups originated in Brazil and form part of the Tetrade umbrella, and have been operating for a few years now in Latin America and Western Europe.


Grandoreiro is a banking Trojan malware family that initially started its operations in Brazil. Like two other malware families, Melcoz and Javali, Grandoreiro first expanded operations to other Latin American countries and then to Western Europe. We have witnessed Grandoreiro’s campaigns since at least 2016, with the attackers regularly improving their techniques and striving to stay undetected and active for longer periods of time. Based on our analysis of campaigns, we have seen Grandoreiro operate as a Malware-as-a-Service (MaaS) project.


Since January 2020, our telemetry shows that Grandoreiro has attacked mostly Brazil, Mexico, Spain, Portugal, and Turkey.



On the other hand, Melcoz (also known as Mekotio) is a banking Trojan family developed by the Tetrade group which has been active since at least 2018 in Brazil, before they decided to expand overseas. We found the group attacking assets in Chile in 2018 and, more recently, in Mexico. There are also likely victims in other countries, as some of the targeted banks have international operations. Generally, the malware uses AutoIt or VBS scripts, added into ..
