Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users

Two separate banking trojan campaigns are targeting Latin America and Europe, infecting Windows and Android devices with Grandoreiro and BTMOB malware, respectively, as reported by WatchGuard and ESET. The campaigns are aimed at companies in Spain, Portugal and Mexico, and at mobile users in Brazil.

The Grandoreiro campaign focuses on banks in Portugal and uses the DLL side-loading technique to target financial institutions. The malware has been active since 2016 and can steal credentials for thousands of banks across 45 countries. Despite efforts to dismantle its infrastructure, Grandoreiro continues to evolve and expand its reach.

WatchGuard has identified a new campaign that uses DLL side-loading to launch DLLs developed in Delphi 11. These DLLs use sgcWebSockets for peer-to-peer and WebRTC communications, and because that traffic looks like legitimate use of those libraries, the malware is harder to detect.
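Side-loading works because a trusted, signed executable resolves a DLL by name and picks up a copy placed in its own directory before the legitimate one. The hunting heuristic below, added here as an illustration and not code from WatchGuard or the report, flags image-load records (shaped like Sysmon Event ID 7, with constructed sample data) where a DLL is loaded from the host process's own directory outside the Windows tree and is either unsigned or shadows a name that normally lives in System32; the DLL name list and field names are assumptions for the example.

```python
from pathlib import PureWindowsPath

# Names that legitimately live only under the Windows directory. Small,
# illustrative subset (an assumption); build the real list from a fleet baseline.
SYSTEM_DLL_NAMES = {"version.dll", "dbghelp.dll", "cryptbase.dll", "wtsapi32.dll"}
WINDOWS_ROOT = PureWindowsPath(r"C:\Windows")


def flag_sideload(record):
    """Return a reason string if one image-load record looks like side-loading, else None."""
    exe = PureWindowsPath(record["Image"])
    dll = PureWindowsPath(record["ImageLoaded"])
    if dll.suffix.lower() != ".dll":
        return None
    if dll.parent != exe.parent:          # PureWindowsPath compares case-insensitively
        return None                       # DLL is not colocated with the executable
    if WINDOWS_ROOT in dll.parents:
        return None                       # normal location for system DLLs
    if record.get("Signed", "false").lower() != "true":
        return "unsigned DLL loaded from the executable's directory: %s" % dll
    if dll.name.lower() in SYSTEM_DLL_NAMES:
        return "system DLL name shadowed outside the Windows directory: %s" % dll
    return None


def hunt(records):
    """Return (process image, reason) for every record the heuristic flags."""
    findings = []
    for record in records:
        reason = flag_sideload(record)
        if reason:
            findings.append((record["Image"], reason))
    return findings


# Constructed sample records (not real telemetry), shaped like Sysmon Event ID 7.
SAMPLE_RECORDS = [
    {"Image": r"C:\Users\ana\AppData\Local\Temp\viewer.exe",
     "ImageLoaded": r"C:\Users\ana\AppData\Local\Temp\version.dll", "Signed": "true"},
    {"Image": r"C:\Users\ana\AppData\Local\Temp\viewer.exe",
     "ImageLoaded": r"C:\Users\ana\AppData\Local\Temp\core.dll", "Signed": "false"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\app_core.dll", "Signed": "true"},
]

if __name__ == "__main__":
    for image, reason in hunt(SAMPLE_RECORDS):
        print(image, "->", reason)
```

Treat hits as leads for triage, not verdicts: legitimate installers also ship private DLLs beside their executables, so the signer of both files and the process's parent are the next things to check.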

Additionally, ESET has reported on the BTMOB Android remote access trojan, which can unlock devices, capture screenshots, log keystrokes, and steal credentials. This RAT is sold with an APK builder interface, allowing easy generation of new payloads for specific regions without writing any code.

BTMOB spreads through social engineering, tricking users into installing malicious APK files from fake websites. The latest version of BTMOB offers enhanced APK protection and compatibility with Google Play updates.

The malware-as-a-service model of BTMOB lowers the barrier to entry for threat actors, increasing the risk of abuse through copycats and aspiring criminals. Leaked versions of BTMOB are already circulating in underground forums, posing a significant cybersecurity threat.

Both Grandoreiro and BTMOB highlight the evolving nature of banking malware, with threat actors quickly adapting and utilizing legitimate services to evade detection. Organizations need to enhance their cybersecurity defenses to combat these sophisticated campaigns effectively.

BTMOB RAT Features and Risks

BTMOB RAT is a powerful Android remote access trojan that enables threat actors to control devices remotely, steal sensitive information, and conduct malicious activities. The malware’s capabilities, ease of deployment, and affordability make it a significant cybersecurity threat that organizations must address proactively.

By understanding the tactics and techniques employed by BTMOB RAT, organizations can better protect their devices, networks, and data from potential compromise. Implementing robust security measures, educating users about phishing threats, and leveraging threat intelligence can help mitigate the risks associated with BTMOB and similar malware campaigns.