Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
What’s new
Two malware campaigns, Grandoreiro and BTMOB, are targeting Windows and Android users in Latin America and Europe. Grandoreiro, a banking trojan active since 2016, employs DLL side-loading techniques to steal banking credentials from users in Spain, Portugal, and Mexico. The BTMOB RAT, which emerged in February 2025, allows attackers to remotely control Android devices and is distributed through social engineering tactics. Both malware families are evolving rapidly, utilizing advanced techniques to evade detection.
Who’s affected
Organizations and individuals in Spain, Portugal, Mexico, and Brazil are primarily targeted. Grandoreiro focuses on financial institutions, while BTMOB targets Android users through phishing schemes that mimic legitimate services.
What to do
- Implement robust email filtering to block phishing attempts.
- Educate users about the risks of clicking on suspicious links or downloading unknown software.
- Regularly update and patch systems to mitigate vulnerabilities exploited by malware.
- Monitor network traffic for unusual activity that may indicate malware presence.
- Consider deploying endpoint detection and response (EDR) solutions to identify and respond to threats quickly.



