The Spanish Civil Guard announced on Wednesday, July 14th that it had dismantled a group specialized in financial fraud over the Internet: the Guard arrested 16 people linked to the operations, which were carried out with the banking trojans Grandoreiro and Melcoz – Brazilian malware designed for robbery Internet Banking. The police managed to block financial operations totaling 3.5 million euros.
Kaspersky analysts congratulate the Spanish operation but warn that the threat has not been completely neutralized. “Unfortunately, the creators of the banking trojans are Brazilian and the individuals arrested in Spain are just the local operators. In other words, the creators of Grandoreiro and Melcoz must create new techniques to avoid the police screening that already exists now and must recruit new members to resume operations in the country”, says Fabio Assolini, senior security analyst at Kaspersky in Brazil.
Exactly a year ago, Kaspersky security analysts in Latin America had announced the internationalization of four Brazilian trojan families to the rest of the region and to other parts of the world, especially Europe. This trend was followed later by three more groups: Amavaldo, Ghimob and Bizarro. According to company detections, the two groups involved in the prison in Spain also distribute trojans in Brazil, Chile, Mexico, Portugal, Spain and Turkey.
The arrests were made in different Spanish cities that began when security agents blocked suspicious transfer attempts in 68 e-mail accounts belonging to official agencies. With the arrest, the police managed to clarify 20 crimes totaling 276,470 euros, of which 87,000 euros were recovered.
For financial institutions, Kaspersky’s recommendation is that they remain vigilant and monitor even more closely the international operations of Brazilian trojans, improving authentication processes, improving anti-fraud technology and seeking more details in Threat Intelligence reports to know how to detect and mitigate these risks.
“Our warning also applies to financial institutions operating in Chile and Mexico – which are targets of Melcoz and Grandoreiro. Improvements will certainly be applied to operations in these countries to avoid tracing by the local police”, highlights Assolini.