Increased stealth integrated into novel Grandoreiro banking trojan variants

More advanced anti-detection mechanisms — including ciphertext stealing encryption, domain generation algorithm usage for command-and-control, and mouse tracking — have been added to new iterations of the Grandoreiro banking trojan, indicating its continuous development amid persistent law enforcement efforts against the malware-as-a-service operation, The Hacker News reports.

In addition to checking targeted systems for anti-malware solutions and banking security software, Grandoreiro has been enhanced with a CAPTCHA barrier, as well as keystroke logging, Outlook spam email discovery, and Outlook email keyword hunting capabilities, according to a Kaspersky analysis. Attackers have also been leveraging the Delphi-based Operator tool for remote device access.

"The threat actors behind the Grandoreiro banking malware are continuously evolving their tactics and malware to successfully carry out attacks against their targets and evade security solutions. Brazilian banking trojans are already an international threat; they're filling the gaps left by Eastern European gangs who have migrated into ransomware," said Kaspersky researchers.
