Grandoreiro, a Brazilian banking trojan, has evolved since 2016 to become a global threat, targeting 1,700 banks and 276 crypto wallets in 45 countries. Despite arrests of some operators, the group remains active, with new versions featuring updated code and lighter versions focused on Mexico. The trojan’s infection chain typically starts with phishing emails containing malicious ZIP archives that download the Grandoreiro payload.
The Lynx ransomware group is a newer ransomware-as-a-service (RaaS) actor that has claimed more than 20 victims since July 2024. This group has been using tactics similar to those of INC Ransomware. Lynx’s malware capabilities may enable effective data theft and exfiltration as well as remote control, with the potential for significant financial losses for victims. The similarities between Lynx and INC suggest that the groups may share resources or have common origins, raising concerns about a potential increase in ransomware activity. This trend highlights the evolving nature of the ransomware landscape and underscores the need for organizations to implement robust security measures to protect against such threats.
The TrickMo Android banking trojan has evolved, adding new features such as the ability to steal unlock codes, making it even more dangerous. This malware is actively targeting users in Canada, the United Arab Emirates, Turkey, and Germany. Researchers have discovered C2 servers containing IP addresses of thousands of victims, demonstrating the malware’s wide reach and potential impact. Organizations should deploy robust mobile security solutions to safeguard against this evolving threat.
A new variant of the TrickMo banking Trojan has been discovered with enhanced capabilities. This malware can intercept OTPs, record screens, exfiltrate data, remotely control infected devices, grant permissions automatically, and even steal unlock patterns or PINs. The malware presents a deceptive user interface that mimics the device’s unlock screen, tricking victims into revealing their credentials. The primary targets of TrickMo are Canada, the UAE, Turkey, and Germany. This malware poses a serious threat to individuals and organizations, as it can lead to financial losses and data breaches.