
ESET investigates Grandoreiro, a trojan exploiting the coronavirus pandemic

BRATISLAVA, PRAGUE – As part of an ongoing series on Latin American banking trojans, ESET researchers take an in-depth look at Grandoreiro. This trojan targets users especially in Brazil, Mexico, Spain and Peru. Distributed almost exclusively through email spam, it has lately started to utilize fake websites capitalizing on the global coronavirus pandemic. Grandoreiro reveals a persistent effort from its authors to evade detection.

Although ESET has seen Grandoreiro primarily distributed through spam, where the authors usually utilize a fake Java or Flash update, recently we have observed a shift to COVID-19 related scams. The trojan was hiding in videos on fake websites promising information about the coronavirus. However, instead of playing, clicking the video leads to the download of a payload onto visitors’ devices.

Grandoreiro has been active since at least 2017 in Brazil and Peru, expanding to Mexico and Spain in 2019. As with other Latin American banking trojans in this series, Grandoreiro attacks its victims by displaying fake pop-up windows as a ploy to get them to divulge sensitive information.

The backdoor functionality of Grandoreiro includes manipulating windows; updating itself; capturing keystrokes; simulating mouse and keyboard actions; navigating browsers to chosen URLs; signing out and restarting machines; and blocking access to websites. Grandoreiro collects various information about affected machines and, in some versions, it also steals credentials stored in Google Chrome as well as data stored in Microsoft Outlook.

“For a Latin American banking trojan, Grandoreiro utilizes a surprisingly large number of tricks to evade detection and emulation. That includes many techniques to detect or even disable banking protection software,” says ESET researcher Robert Šuman, leading the team analyzing Grandoreiro. “They seem to be developing the banking trojan very rapidly. Almost every new version we see introduces some changes. We also suspect they are developing at least two variants simultaneously. Interestingly, from a technical point of view, they also utilize a very specific application of the binary padding technique that makes it hard to get rid of the padding while keeping a valid file,” adds Šuman.

Unlike the majority of Latin American banking trojans, Grandoreiro utilizes quite small distribution chains. For different campaigns, it may choose a different type of downloader. These downloaders are often stored on well-known public online sharing services such as GitHub, Dropbox, Pastebin, 4shared or 4Sync.
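Binary padding, the technique Šuman mentions above, inflates an executable to an unusually large size, which is a common evasion against tools and sandboxes that have file-size limits. The page does not say where Grandoreiro places its padding, so the script below is an added triage example, not code from ESET or from the Grandoreiro analysis: a stdlib-only Python checker that walks a PE file's section table, computes per-section Shannon entropy, reports any overlay past the last section, and flags sections that are both very large and near-constant. The thresholds (1 MiB, 1.0 bit/byte) and the constructed two-section sample PE whose .rsrc section is zero-filled are assumptions made for this example and do not describe a real Grandoreiro sample.

```python
import math
import struct
from collections import Counter

# Heuristic thresholds: assumptions for this example, not figures from ESET.
MIN_SUSPECT_SIZE = 1024 * 1024   # sections smaller than 1 MiB are ignored
MAX_SUSPECT_ENTROPY = 1.0        # bits per byte; filler bytes are highly repetitive


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or single-valued input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list:
    """Walk the PE section table; return name, raw file offset and raw size per section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # COFF file header (20 bytes)
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + size_opt                          # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)  # SizeOfRawData, PointerToRawData
        sections.append({"name": name, "offset": raw_ptr, "size": raw_size})
    return sections


def analyze(pe: bytes) -> dict:
    """Flag sections that are both large and near-constant; report overlay size."""
    sections = parse_sections(pe)
    end = 0
    suspicious = []
    for s in sections:
        data = pe[s["offset"]:s["offset"] + s["size"]]
        s["entropy"] = round(shannon_entropy(data), 3)
        end = max(end, s["offset"] + s["size"])
        if s["size"] >= MIN_SUSPECT_SIZE and s["entropy"] <= MAX_SUSPECT_ENTROPY:
            suspicious.append(s["name"])
    return {"sections": sections, "overlay": len(pe) - end, "suspicious": suspicious}


def build_sample_pe(padding_len: int) -> bytes:
    """Constructed sample, not a real malware file: a two-section PE32 image whose
    .rsrc section is inflated with zero bytes to stand in for binary padding."""
    text = b"\x31\xc0\xc3" + b"\x00" * 509          # xor eax,eax; ret, padded to 512
    rsrc = b"\x00" * padding_len
    size_opt = 0xE0                                  # PE32 optional header size
    hdr_len = (0x40 + 4 + 20 + size_opt + 40 * 2 + 0x1FF) & ~0x1FF  # 512-byte file alignment
    text_off = hdr_len
    rsrc_off = text_off + len(text)

    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)          # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, size_opt, 0x102)  # i386, 2 sections
    opt = struct.pack("<H", 0x10B) + b"\x00" * (size_opt - 2)      # PE32 magic, rest zeroed

    def sec(name, vsize, vaddr, rsize, rptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rsize, rptr, 0, 0, 0, 0, flags)

    table = sec(b".text", len(text), 0x1000, len(text), text_off, 0x60000020)
    table += sec(b".rsrc", len(rsrc), 0x2000, len(rsrc), rsrc_off, 0x40000040)
    headers = dos + b"PE\0\0" + coff + opt + table
    headers += b"\x00" * (hdr_len - len(headers))
    return headers + text + rsrc


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(2 * 1024 * 1024)
    report = analyze(blob)
    for s in report["sections"]:
        print(f'{s["name"]:<8} size={s["size"]:>10} entropy={s["entropy"]:.3f}')
    print(f'overlay={report["overlay"]} suspicious={report["suspicious"]}')
```

The script only reports; it does not try to strip the padding, which is consistent with the observation that removing it while keeping a valid file is hard. The entropy heuristic catches zero- or pattern-filled sections but not a section padded with random bytes, and it will not flag a legitimately large, high-entropy resource section, so in practice pair it with a size-versus-code ratio and a comparison against known-good builds.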

For more technical details about Grandoreiro, read the blogpost “Grandoreiro: How engorged can an EXE get?” on WeLiveSecurity.com. Make sure to follow ESET research on Twitter for the latest news from ESET Research.


About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

ESET Foundation has supported development of a diagnostic PCR test to detect the coronavirus SARS-CoV-2, the cause of COVID-19.

BRATISLAVA, April 14, 2020 – Scientists from the Slovak companies MultiplexDX, Lambda Life and ProScience Tech have joined forces with virologists from the Biomedical Center of the Slovak Academy of Sciences (BMC SAV) to develop a reagent kit according to World Health Organization (WHO) protocols for reliable SARS-CoV-2 detection. In the first phase they plan to produce and make available 100,000 PCR tests. The ESET Foundation supported the development of the kit and will finance the first 100,000 tests to be offered as an in-kind gift to the Slovak Republic.

Key components have been brought to the project by MultiplexDX, a company dedicated to developing and manufacturing various innovative molecular diagnostic reagents. The Slovak PCR test is currently being validated in cooperation with a team of scientists from the BMC SAV. Preliminary results of the new test not only show nominal functionality, but also good sensitivity compared to currently used diagnostics. “This means that our test is reliable and accurate and can help diagnose early stage patients. We can produce key components for 100,000 PCR tests within two weeks,” explained Pavol Čekan, founder of MultiplexDX.

“In the process of validation and subsequent registration of the resulting report, we are cooperating with the non-profit organization CCCT SK. This stage is estimated to take about three weeks,” said Adam Andráško of ProScience Tech.

“Virus detection consists of sample collection, RNA isolation and PCR diagnostics, with our joint efforts focused on the last step,” said Ivan Juráš of Lambda Life.

“I believe that the efforts of our scientists will be crowned with success, and that we will have sufficient PCR tests from our own resources for the task at hand, coronavirus detection. This will not only help Slovakia by providing much-needed testing, but will also create a reserve in case there is a shortage of tests globally,” noted Robert Mistrík from the permanent crisis staff.

The ESET Foundation supported the development of the test and provided funding for the first 100,000 units from its fund to support the effective diagnosis and prevention of COVID-19. These tests will be offered as a gift to Slovak state institutions. “When creating the fund, it was important for us to ensure effective mass-scale diagnostics, which can only be achieved through scientific cooperation. Such a critical situation reveals the importance of supporting science in Slovakia, which the ESET Foundation has been dedicated to for a long time,” said Richard Marko, CEO of ESET.

Production capacity, including the first 100,000 tests, will be available primarily to diagnostic laboratories on the Slovak market. “We are ready to cooperate with state laboratories, flexibly responding to their needs and supplying them efficiently. After satisfying the needs of Slovak laboratories, we can then direct our capacities to other countries that may need our products,” explained the authors of the test.
