16 Cybercriminals Behind Mekotio and Grandoreiro Banking Trojan Arrested in Spain

Spanish legislation enforcement companies on Wednesday arrested 16 individuals belonging to a legal community in connection with functioning two banking trojans as element of a social engineering marketing campaign targeting economic establishments in Europe.

The arrests ended up made in Ribeira (A Coruña), Madrid, Parla and Móstoles (Madrid), Seseña (Toledo), Villafranca de los barros (Badajoz), and Aranda de Duero (Burgos) adhering to a year-lengthy investigation, the Civil Guard explained in a statement.

“By way of malicious program, mounted on the victim’s laptop or computer by the system regarded as ’email spoofing’, [the group] would have managed to divert large amounts of dollars to their accounts,” authorities noted.

Stack Overflow Teams

Computer tools, cellular phones, and files have been confiscated, and a lot more than 1,800 spam e-mails were being analyzed, enabling law enforcement to block transfer tries totaling €3.5 million effectively. The marketing campaign is claimed to have netted the actors €276,470, of which €87,000 has been efficiently recovered.

As element of an exertion to lend reliability to their phishing attacks, the operators worked by sending emails under the guise of authentic package delivery products and services and govt entities such as the Treasury, urging the recipients to click on a website link that stealthily downloaded malicious software on to the units.


The malware — dubbed “Mekotio” and “Grandoreiro” — functioned by intercepting transactions on a banking site to unauthorizedly siphon cash to accounts beneath the attackers’ regulate. At least 68 e-mail accounts belonging to formal bodies were contaminated to aid these fraudulent transfers.

“After that, the money was diversified by sending it to other accounts, or by withdrawing income at ATMs, transfers by BIZUM, REVOLUT playing cards, etc., in buy to hinder the probable police investigation,” the Civil Guard explained.

Enterprise Password Management

Grandoreiro is section of a Tetrade of Brazilian banking trojans as comprehensive by cybersecurity agency Kaspersky in July 2020, when Mekotio’s evolving techniques have been disclosed by ESET in August 2020, which involved exhibiting faux pop-up windows to its victims in an try to entice them into divulging sensitive data.

“These home windows are diligently intended to target Latin American banking companies and other economical establishments,” the Slovak cybersecurity firm experienced pointed out.

To keep away from falling prey to these kinds of assaults, the company is recommending that e mail and SMS recipients scrutinize messages diligently, especially if it is about entities with urgent requests, promotions, or really appealing bargains, when also taking measures to be on the lookout for grammatical mistakes and make certain the authenticity of the sender of the message.

Fibo Quantum