Banking Trojans robbing people of their money

July 18, 2020
banking trojans cybercrime group

A collaborative effort of a trojan malware cybercrime group was exposed recently by Cybersecurity experts, which are based in Brazil, targeting mainly banks and other financial institutions. Let alone the group efforts are believed to be expanding through the Latin America region and some parts in Europe benefitting that Brazilian banks have tie-up connections to other countries on said region sharing a common language. The family was tagged as ‘Tetrade’ by the experts is composed of known hacking groups such as Guildma, Javali, Melcoz, and Grandoreiro. These groups have already been operating for years now and have been confirmed collaborating for a much higher rate of successful trojans attack. Since their central operation is in Brazil, evidence shows they are overseeing activities on other locations through recruitment of local adversaries and providing malware-as-a-service support to ensure its profit.

Guildma and Javali started in 2015 and 2017, respectively, which expertise is in the use of a multi-layered infiltration process that centers through Business Email Compromised (BEC). The embedded malware trojans through email attachments that are stealthily hidden and can bypass security application installed by the targeted institution. Melcoz and Grandoreiro, on the other hand, specialized with bitcoin transaction infiltration and remote command and control access to a compromised system to do illegal banking transactions at the expense of the controlled computer to bypass bank’s security of untrusted device access.

Listed amongst other capabilities of the Tetrade is to gather intel of credentials and behind-the-back transaction unknowingly to the user that they are viewing a domain-controlled page of the attacker. This means that once the user logged in to his online account, the user is being redirected to other pages that mimic the interface of his banks, which is controlled by the perpetrators. While the user peruses on the deceitful page, attackers are now able to view the secured online account page of the victim and be able to do their illegal transaction.  Once the victim gets into the main page of the account, the unauthorized transfer has been done to an untraceable account.


These innovative moved of the perpetrators only convinced cybersecurity experts that different trojans hacking technology can be combined to become a more stable and lethal tool with a much higher rate of success.


To rival this malicious activity, cybersecurity experts must be empowered with the latest trends of different attack types and flexible mitigation plans equipped with sophisticated security software for countermeasures. Nonetheless, staying vigilant and random monitoring on the system is advised with a regular security awareness campaign is also highly needed.

About the author

Leave a Reply