Brazilian criminals are considered as one of the most creative perpetrators of cybercrime around the globe for the past few years. Recently, a ‘Tetrade’ of four malware was also found expanding their attacks and operations on a global platform.
The Brazilian Tetrade
A group of four banking Trojan families Guildma, Javali, Melcoz, and Grandoreiro, were seen spreading beyond their local geographical boundaries and attacking users till wider Latin America and Europe.
Collectively known as ‘Tetrade’, the four banking malware have been using the latest innovations and a variety of new evasion techniques, while they started targeting users in North America, Europe, and Latin America.
Guildma and Javali malware are getting noticed because of its innovative ways of using YouTube and Facebook to host its C2 communications, and loading additional modules as requested.
Melcoz malware uses AutoIt or VBS scripts added into MSI files, which run malicious DLLs using the DLL-Hijack technique, aiming to bypass security solutions. Grandoreiro was observed using new techniques, that are usually used by banking institutions, to bypass security measures.
Recent attacks by Grandoreiro
Grandoreiro malware operators have been making gradual moves to expand its scope and establish itself as a global threat.
In May 2020, an improved version of Grandoreiro malware was seen targeting Portuguese victims. The new updates included latenbot-C2 features and several Portuguese banks were included in the malware operations.
In April 2020, Grandoreiro was seen taking advantage of the COVID-19 crisis to attack users, as it was hiding in videos on fake websites that promise to provide vital information about the virus.
Interesting trends about Brazilian Crime
Since the 2016 Rio Olympics, Brazil has gained the spot of the second-largest cybercrime hub in the world. And since then, Brazilian hackers have been attempting to grow their campaigns further by developing new tactics and enhancing their malware to establish a name in the global crime market.