Police dismantle a network of scammers and malware vendors and recover €3,500,000

The Spanish Civil Guard announced the arrest of 16 suspects in multiple Spanish locations accused of participating in a bank fraud network. After the arrests, authorities found evidence that the suspects received more than 270,000 Euros from compromised bank accounts using two sophisticated banking Trojans.

These malware variants, identified as Mekotio and Grandoreiro, are believed to have been developed by sophisticated hacking groups based in Brazil that sell their malware to other cybercriminal groups. These Trojans were designed to compromise Windows systems and are spread via email phishing campaigns.

After infecting the target device, the Trojans remain inactive until the affected users log in to their online banking platforms, at which point they collect the users' credentials without being noticed.

Spanish authorities claim that these Trojans were capable of collecting information from up to 30 different banks. After accessing the compromised bank accounts, hackers begin transferring the funds to other accounts under their control.

The arrest of the 16 suspects in Spain confirms reports from last year that Brazilian cybercriminal groups had been updating their banking Trojans to add support for European banks, in addition to their classic Brazilian and Latin American targets. For example, security firm ESET detailed how these two banking Trojans grew in sophistication and reach from 2020.

While Mekotio is a relatively new operation, Grandoreiro has been around since 2016 and is a very popular malware variant. Kaspersky experts count this Trojan as part of Tetrade, a code name the security firm uses to describe four large families of banking Trojans.
