WatchGuard and ESET found two active banking trojan campaigns targeting Windows and Android users across Latin America and Europe, including Grandoreiro attacks against banks in Portugal and BTMOB infections spread through fake app sites. Both families use phishing, legitimate-service abuse, and anti-analysis techniques to steal credentials and expand their reach.
#Grandoreiro #BTMOB #Abanca #BancoDePortugal #BBVAPT #CaixaGeralDepositos #Santander #Revolut #Wise #EVLF #CraxsRAT
Key points
- Grandoreiro is targeting banks in Portugal through DLL side-loading.
- The malware uses WebRTC-related components and anti-analysis checks.
- Phishing emails deliver Grandoreiro via ZIP files and fake Adobe Reader updates.
- BTMOB is an Android RAT sold as a malware-as-a-service product.
- BTMOB spreads through fake websites and abuses Android accessibility services.
Read More: https://thehackernews.com/2026/05/grandoreiro-malware-and-btmob-rat.html