Nearly 1,500 banks across more than 60 countries had their customer accounts targeted in a widespread Grandoreiro banking trojan campaign, which commenced just two months after the trojan was dismantled in an international law enforcement operation in January, according to BleepingComputer.
Attacks in the campaign delivered phishing emails spoofing government organizations based in Argentina, Mexico, and South Africa, luring recipients into clicking download links that trigger the Grandoreiro loader, a report from IBM's X-Force team revealed.
The loader then deploys a significantly improved variant of the banking trojan, which includes more robust decryption and domain generation algorithms, updated Microsoft Outlook client targeting and persistence mechanisms, an expanded command set, and broader targeting of banking applications and cryptocurrency wallets.
Victim profiling has also been added to the updated Grandoreiro trojan; researchers noted that it does not target systems in Russia, Poland, Czechia, and the Netherlands, nor U.S.-based Windows 7 machines.