Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
ID: c9c26856-0350-51b0-adea-0b0236e51727
STIX ID: report--c9c26856-0350-51b0-adea-0b0236e51727
Feed Name: The Hacker News
WatchGuard and ESET report two active campaigns. Grandoreiro is a long-running Windows banking trojan that uses DLL side-loading, WebRTC (STUN/ICE) for covert peer-to-peer communications, and phishing-based distribution to target financial institutions in Portugal, Spain and Mexico. BTMOB is an Android RAT-as-a-service distributed via phishing and fake app stores; it abuses Android accessibility to capture credentials, screenshots and keystrokes and to enable remote control. Its commercial builder, leaked source and active underground sales increase the risk of wider abuse.
