Grandoreiro Malware Poses Serious Risk to Users

A new banking Trojan named Grandoreiro targets users through phishing emails disguised as official communications from Mexico's tax authority, SAT. Experts advise caution.


Cybercriminals impersonating the Tax Administration Service (SAT) are carrying out a massive attack using the Grandoreiro banking Trojan, malicious software designed to steal banking credentials and commit financial fraud, according to reports from SILIKN. The aim is to deceive taxpayers into unknowingly installing the malware.

The campaign, recently detected by SILIKN's investigation unit, represents a high risk due to the sophistication of the strategy used. Víctor Ruiz, founder of SILIKN and a certified cybersecurity instructor, explained that unlike previous attacks, this time cybercriminals send messages from legitimate accounts used to receive tax notifications, which potentially bypasses security measures.

The fraudulent email comes from a real account associated with authentic notifications, which may cause the message to go unnoticed by many antivirus programs. The danger, however, is in the email's content: it includes a link that redirects to a malicious website designed to infect the devices of those who access it.

The Grandoreiro malware, a banking Trojan originating from Latin America, can steal banking credentials and modify financial transactions. It spreads primarily through phishing emails that impersonate legitimate identities, such as financial institutions or payment services.

To protect against such attacks, SILIKN recommends not clicking on links or downloading attachments from suspicious emails, verifying the authenticity of the sender and the link before opening them, and reporting any email that raises doubts to the SAT through the appropriate reporting channels.

In summary, it is important to be alert for emails that appear to come from legitimate entities, such as the SAT, and to exercise caution when interacting with them to avoid falling into cyber traps that could compromise personal and financial information and security.