Grandoreiro's dismantling

The Brazilian Federal Police carried out 'Operation Grandoreiro', dismantling a cybercriminal organization responsible for banking malware. This joint action, launched following a complaint filed by a banking entity, had the cooperation of Interpol and the National Police of Spain. In its report, the financial entity provided technical details about the infrastructure used by the cybercriminal organization in Brazil, which was hosted on Azure and AWS (Amazon Web Services) systems.

The investigation, with technical assistance from cybersecurity company ESET, revealed vulnerabilities in the design of the network structure and protocols used by the organization. The malware was distributed through phishing emails, mainly targeting users in Spain, Mexico, Argentina and other Latin American countries. Once a device was infected, the criminals had remote access to it and could steal sensitive information and banking credentials. They then transferred the money through accounts controlled by the organization to make it difficult for authorities to trace.

This malware, active since 2017, initially focused on Mexico and Brazil and has increased its focus on Spain since 2019, reaching its peak of activity between 2020 and 2022, with 28% of total victims. Economic losses of at least €110 million are estimated.