Arrests of members of Tetrade seed groups in South America

Spain’s Ministry of the Interior has announced the arrest of 16 individuals connected to the Grandoreiro and Melcoz cybercrime groups.

Sixteen individuals connected to the Grandoreiro and Melcoz (also known as Mekotio) cybercrime groups have been arrested. According to cybersecurity giant Kaspersky, both are originally from Brazil and form part of the Tetrade umbrella, operating for a few years now in Latin America and Western Europe.

Grandoreiro is a banking Trojan malware family that initially started its operations in Brazil. Similarly to two other malware families, Melcoz and Javali, Grandoreiro first expanded operations to other Latin American countries and then to Western Europe. Kaspersky says: "We have witnessed Grandoreiro’s campaigns since at least 2016, with the attackers regularly improving techniques, striving to stay undetected and active for longer periods of time. Based on our analysis of campaigns we have seen Grandoreiro operate as a Malware-as-a-Service (MaaS) project."

Since January 2020, Kaspersky's telemetry shows that Grandoreiro has attacked mostly Brazil, Mexico, Spain, Portugal, and Turkey. Melcoz (also known as Mekotio), a banking Trojan family developed by the Tetrade group, has been active since 2018 in Brazil, before they decided to expand overseas. "We found the group attacking assets in Chile in 2018 and, more recently, in Mexico. There are also likely victims in other countries, as some of the targeted banks have international operations," says Kaspersky. Their malware uses AutoIt or VBS scripts, added into MSI files, which run malicious DLLs using the DLL-Hijack technique, aiming to bypass security solutions. This malware steals passwords from browsers and from the device’s memory, providing remote access to capture internet banking access. It also includes a Bitcoin wallet stealing module.

Kaspersky's telemetry confirms that since January 2020, Melcoz has been actively targeting Brazil, Chile, and Spain, among other countries.

Kaspersky says the work carried out by the Guardia Civil of Spain in actioning these arrests is "remarkable". "We recommend financial institutions stay vigilant and watch the threats that are part of the Tetrade umbrella closely while improving their authentication processes, boosting anti-fraud technology and threat intel data, and trying to understand and mitigate such risks," Kaspersky adds.

Share

Featured Articles

IT and OT security with Ilan Barda, CEO of Radiflow

Cyber Magazine speaks with Radiflow’s CEO, Ilan Barda, about converging IT and OT and how leaders can better protect businesses from cybersecurity threats

QR ‘Quishing’ scams: Do you know the risks?

QR code scams, or Quishing scams, are rising and pose a threat to both private users and businesses as cyberattacks move towards mobile devices

Zero Trust Segmentation with Illumio’s Raghu Nandakumara

Head of Industry Solutions at Illumio, Raghu Nandakumara, offers insight into the proposed ban on ransom payments and how businesses can utilise Zero Trust

Is the password dead? Legacy technology prevents the shift

Network Security

Fake Bard AI malware: Google seeks to uncover cybercriminals

Technology & AI

Gartner report highlights threat of supply chain attacks

Cyber Security