
Banking Malware Hits Windows, Android
TL;DR: Security firms WatchGuard and ESET have identified two active banking trojan campaigns. The Grandoreiro malware targets Windows users, while the BTMOB malware targets Android devices. The campaigns are primarily focused on companies and mobile users in Spain, Portugal, Mexico, and Brazil, aiming to steal financial information.
Key facts
- Category: Cybersecurity
- Impact: High
- Published
- Source: The Hacker News
Full summary
New banking trojan campaigns are targeting Windows and Android users in Europe and Latin America with Grandoreiro and BTMOB malware.
Security firms WatchGuard and ESET are reporting two active banking trojan campaigns targeting users in Europe and Latin America. One campaign deploys the Grandoreiro malware against Windows systems, while the other uses the BTMOB remote access trojan (RAT) to infect Android devices. The attacks appear highly targeted, focusing on companies in Spain, Portugal, and Mexico, with a separate focus on mobile banking users in Brazil. The primary goal of both malware families is to compromise devices to steal sensitive financial credentials and other personal data for fraudulent purposes.
The dual-platform nature of this threat is a significant concern for businesses, as it expands the attack surface to include both corporate desktops and personal or company-issued mobile devices. Grandoreiro is a sophisticated trojan capable of capturing keystrokes and online banking details, while BTMOB grants attackers remote control over Android devices. This creates a direct risk of financial loss and data breaches for organizations and individuals in the targeted regions. The coordinated effort highlights the importance of a comprehensive security posture that protects all endpoints and educates users on identifying phishing attempts and malicious applications on any device.
Why it matters
The dual-platform attack targets both Windows and Android, increasing the risk of financial data theft for businesses and their employees across multiple regions.
Business impact
Infected devices can lead to direct financial losses through fraudulent transactions and significant data breaches, damaging both company finances and customer trust.
⚡ Action needed
Action checklist
1. Update endpoint protection signatures to detect Grandoreiro and BTMOB.
2. Scan corporate Windows and Android devices for indicators of compromise.
3. Remind employees to avoid suspicious links and unofficial app stores.
4. Enforce multi-factor authentication (MFA) on all financial and corporate accounts.
5. Monitor network traffic for unusual connections, especially from targeted regions.
Primary source: The Hacker News