Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Banking Malware Targets Windows and Android Devices

Banking Malware Targets Windows and Android Devices

Posted on May 27, 2026 By CWS

In a recent development, two distinct malware campaigns have drawn attention for targeting Windows and Android platforms. These campaigns, identified as Grandoreiro and BTMOB, are specifically aimed at banking institutions and individual users in Latin America and Europe.

Grandoreiro Malware Campaign

WatchGuard and ESET have reported that the Grandoreiro banking trojan is currently targeting financial entities in Spain, Portugal, and Mexico. This malware has been operational since 2016 and continues to evolve, posing a significant threat through phishing emails that lure recipients into clicking malicious links.

Despite efforts to dismantle its infrastructure, Grandoreiro has expanded its reach, employing CAPTCHA checks to evade detection. The malware campaign leverages DLL side-loading, utilizing libraries like mingwm10.dll and libwebp.dll, which incorporate WebRTC communication for peer-to-peer data exchange. This technique complicates monitoring and analysis due to the noisy nature of web conferencing traffic.

Additional libraries, such as libffi-6.dll and libpng15.dll, use ICE protocols to achieve similar goals, targeting banks like Abanca and Santander in Portugal. The campaign’s sophistication underscores the persistent threat posed by financially motivated cybercriminals.

BTMOB RAT: A New Threat on Android

Alongside the Grandoreiro campaign, ESET has highlighted the emergence of BTMOB, a remote access trojan targeting Android devices. First detected in February 2025, this malware allows attackers to unlock devices, capture sensitive information, and exert remote control, all facilitated through social engineering tactics.

BTMOB spreads through fake websites, posing as legitimate app listings on Google Play Store. Once installed, it exploits Android’s accessibility services to gain further control, making it a formidable tool in the hands of cybercriminals. The malware is sold as a service, lowering entry barriers for less skilled attackers.

Implications and Future Outlook

The continued activity of these malware campaigns highlights the adaptability of threat actors who exploit legitimate services and disguise malicious activities within trusted traffic patterns. The availability of ready-made tools like BTMOB further democratizes cybercrime, making sophisticated attacks accessible to a broader range of perpetrators.

As these campaigns evolve, it is crucial for individuals and organizations to remain vigilant, implementing robust security measures and staying informed about emerging threats. Cybersecurity experts emphasize the importance of comprehensive defenses that go beyond surface-level monitoring to detect and mitigate these sophisticated attacks.

The Hacker News Tags:Android, banking trojan, BTMOB, cyber attacks, Cybersecurity, DLL side-loading, ESET, Grandoreiro, Malware, Phishing, RAT, WatchGuard, Windows

Post navigation

Previous Post: Motorola Phones Redirect Amazon App with Affiliate Codes
Next Post: SymJack Attack Exploits AI Coding Tools in Supply Chains

Related Posts

Joomla JCE Vulnerability Exploited for PHP Code Execution Joomla JCE Vulnerability Exploited for PHP Code Execution The Hacker News
CISA Warns of Active n8n Vulnerability Exploitation CISA Warns of Active n8n Vulnerability Exploitation The Hacker News
Quasar Linux RAT Endangers Software Supply Chains Quasar Linux RAT Endangers Software Supply Chains The Hacker News
Google Halts Major Cyber Espionage Campaign Targeting 53 Entities Google Halts Major Cyber Espionage Campaign Targeting 53 Entities The Hacker News
Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts The Hacker News
Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • KittySploit: AI-Driven PenTesting with Over 1150 Modules
  • Cybersecurity Update: Linux Flaws, Ubiquiti Issues, Accenture Breach
  • Apple Accuses OpenAI of Trade Secret Misappropriation
  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • KittySploit: AI-Driven PenTesting with Over 1150 Modules
  • Cybersecurity Update: Linux Flaws, Ubiquiti Issues, Accenture Breach
  • Apple Accuses OpenAI of Trade Secret Misappropriation
  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark