Four malware families (Guildma, Javali, Melcoz and Grandoreiro) have started targeting users in various countries of the Americas and Europe.

Guildma, Javali, Melcoz and Grandoreiro are four advanced banking malware families of Brazilian origin that cybercriminals have begun to expand abroad, seeking victims in other countries of the Americas and Europe, including Spain.

The warning comes from security firm Kaspersky. "Brazilian cybercriminals, like those behind these four banking families, are actively recruiting affiliates in other countries to successfully export their malware worldwide," explains Dmitry Bestuzhev, director of GReAT in Latin America. "Furthermore, they are continually innovating, adding new tricks and techniques to hide their malicious activity and make their attacks more lucrative."

Collectively known as Tetrade, these four threats stand out for their evasion techniques. For example, Guildma, which has been an active threat since 2015, began last year to hide its malicious payload on the victim's system using a special file format. It stores its communication with the control server in an encrypted format on Facebook and YouTube pages, making detection difficult.

Although it initially operated only in Brazil, it has now spread throughout South America, the United States, Portugal … and Spain. It circulates mainly through phishing emails that appear to be legitimate commercial notifications.

Grandoreiro has also reached Europe. In fact, it is the most widespread threat of the four. In operation since 2016, it is based on the malware-as-a-service business model and relies on compromised sites and spear phishing. Like Guildma and Javali, it hides communications on legitimate third-party sites.

Javali has been present since 2017, and activity by it against financial entities in Mexico has already been discovered. As for Melcoz, it appeared in 2018 and has also reached Mexico and Spain.

"It is foreseeable that these four families will start attacking more banks in other countries and that new families will appear," says Bestuzhev. "This is why it is so important that financial institutions closely monitor these threats and take steps to enhance their anti-fraud capabilities."