Spanish police have arrested 16 suspects accused of laundering money stolen using the banking Trojans Mekotio and Grandoreiro. The group was arrested last week as part of Operation Aguas Vivas (“Living Waters”), and the homes of the suspects were searched.The authorities say they found evidence of the suspects receiving more than €276,470 from bank accounts hacked with the help of bankers Mekotio (Melcoz) and Grandoreiro. In addition, representatives of the Spanish Civil Guard (Guardia Civil) say that the suspects had access to bank accounts, which contained about 3.5 million euros, but these funds had not yet been stolen from the owners and moved somewhere.
It is believed that the Mekotio and Grandoreiro Trojans were created by Brazilian hack groups that sell access to their tools to other criminals, who are already distributing malware and engaged in money laundering.
Both Trojans are designed for Windows machines and are usually distributed using fake emails that simulate messages from various real organizations. After infecting the victim, the Trojans hide and wait for the user to enter electronic banking in order to steal their credentials quietly.
Thus, the malware can steal credentials for 30 different banks. Once attackers gain access to victims’ bank accounts, they transfer funds to accounts under their own control.
Law enforcers say the criminal organization was structured and had a four-tiered hierarchy. On the one hand, there were those involved in receiving fraudulent transfers (level 1), which they later transferred to other group members (level 2). On the other hand, there were those who transferred money to other accounts located abroad (level 3), and, finally, those who were engaged in disguising the operations of the hack group (level 4).
Let me remind you that last year, Kaspersky Lab experts already warned that Grandoreiro and Melcoz expanded their attacks and reached users in Europe, North and Latin America. As the company now notes, Spain has been hitting hardest by banker attacks lately, only after the malware’s native Brazil.
Experts stress with regret that the persons arrested in Spain were only operators. That is, the creators of Grandoreiro and Melcoz remain free in Brazil, continue to develop malware and be able to attract new participants to their “business”.
Let me remind you that we reported that British law enforcement arrested hackers for swapping SIM cards and stealing money from celebrities, as well as that In Ecuador was arrested the head of the company responsible for the leakage of data of millions of citizens.
User Review( votes)