16 people behind the work of the Mekotio and Grandoreiro Trojans arrested in Spain

Spanish police have arrested 16 suspects accused of laundering money stolen using the banking Trojans Mekotio and Grandoreiro. The group was arrested last week as part of Operation Aguas Vivas (“Living Waters”), and the homes of the suspects were searched.

The authorities say they found evidence that the suspects received more than €276,470 from bank accounts compromised with the help of the Mekotio (Melcoz) and Grandoreiro banking Trojans. In addition, representatives of the Spanish Civil Guard (Guardia Civil) say that the suspects had access to bank accounts containing about 3.5 million euros, but these funds had not yet been stolen from their owners or moved elsewhere.

Trojans Mekotio and Grandoreiro

It is believed that the Mekotio and Grandoreiro Trojans were created by Brazilian hacking groups that sell access to their tools to other criminals, who in turn distribute the malware and launder the stolen money.

Both Trojans are designed for Windows machines and are usually distributed through fake emails that imitate messages from various real organizations. After infecting the victim's machine, the Trojans hide and wait for the user to log in to online banking so that they can quietly steal the credentials.

Thus, the malware can steal credentials for 30 different banks. Once attackers gain access to victims’ bank accounts, they transfer funds to accounts under their own control.

Law enforcers say the criminal organization was structured and had a four-tiered hierarchy. On the one hand, there were those involved in receiving fraudulent transfers (level 1), which they later transferred to other group members (level 2). On the other hand, there were those who transferred money to other accounts located abroad (level 3), and, finally, those who were engaged in disguising the operations of the hack group (level 4).

“A feature noted by all the victims: after performing any banking operation via the Internet, their computers began to reboot and continued until access was blocked. Later it was discovered that at this time large sums of money were transferred to unknown accounts. After that, the money was divided by sending it to other accounts, withdrawing cash from ATMs, transfers using BIZUM, REVOLUT cards, and so on. All this was done to complicate a possible investigation,” say representatives of the Guardia Civil.

Let me remind you that last year Kaspersky Lab experts warned that Grandoreiro and Melcoz had expanded their attacks and reached users in Europe, North America and Latin America. As the company now notes, Spain has lately been hit hardest by banker attacks, behind only the malware’s native Brazil.

Experts stress with regret that the persons arrested in Spain were only operators. That is, the creators of Grandoreiro and Melcoz remain free in Brazil, continue to develop the malware, and are able to attract new participants to their “business”.

Let me remind you that we reported that British law enforcement arrested hackers for swapping SIM cards and stealing money from celebrities, and that the head of the company responsible for leaking the data of millions of citizens was arrested in Ecuador.


Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
