At the beginning of 2025, Mexico became the leading country for financial cyberattacks in Latin America and ranked tenth globally, according to a recent report by Kaspersky. This alarming leadership is largely due to the activity of the Grandoreiro banking trojan, a Brazilian-origin malware that has infiltrated thousands of devices to steal banking credentials. Most concerning is its ability to bypass even biometric authentication and two-factor authentication mechanisms—technologies that were, until recently, considered strong barriers against fraud.
“It is one of the most active banking trojans in the world and, over the past year, has focused its attacks on Mexico,” explained Fabio Assolini, Director of the Global Research and Analysis Team for Latin America at Kaspersky. Grandoreiro has used fake emails, featuring supposed payment receipts or CFDIs (Digital Tax Receipts via Internet), to deceive its victims. This threat has already affected customers of nearly 30 banks and has been linked to over 51,000 incidents in the country.
The rise of Grandoreiro not only reflects the increasing sophistication of cybercriminals but also highlights the urgent need to strengthen cybersecurity practices at both personal and business levels.
Analysis of the Grandoreiro Malware (Source: Welivesecurity)
The director explained that, to date, Grandoreiro has targeted more than 1,700 banks and 276 cryptocurrency wallets across 45 countries. And the worst part is that this doesn’t seem likely to stop anytime soon. According to his remarks, these types of threats will continue to affect users because criminal groups don’t operate alone—they often partner with local accomplices to carry out their attacks. Furthermore, with the increase in mobile banking transactions, phishing attacks and other threats specifically designed for mobile devices are also expected to rise.
Loan Sharks and SpyLoan: The Digital Fraud that Keeps Growing in Mexico
On another front, “montadeudas” schemes continue to wreak havoc in Mexico. According to Kaspersky experts, these malicious apps—downloaded under the promise of offering quick loans but ultimately stealing victims’ contacts and data—remain highly active in the country.
Fabio Assolini recalled that in 2024, these apps, also known as SpyLoan, accounted for 12% of all mobile device attacks in Latin America. What started in Mexico has now spread to other countries such as Colombia, Peru, Chile, and Brazil.
“The uncertain economic situation in the region is driving many people to seek quick and risky solutions, like the loans offered by these fraudulent platforms,” he noted. Far from disappearing, this type of threat has not only persisted but has increased, following a trend that has now become global.
Worldwide, Kaspersky detected 33.3 million attacks on mobile devices over the past year. The most common threats are apps filled with unwanted ads (Adware, accounting for 57% of attacks), trojans (25%), and RiskTools (12%)—a category that specifically includes the notorious SpyLoan apps. This type of malware continues to pose a serious risk to device security, privacy, and users’ personal information.
Predatory Loan apps that have operated in Mexico
Read more: Recharge App Hacked in Mexico and Millions of Data Leaked
Conclusion
Financial cyberattacks have become a reality in Mexico. Banking trojans and predatory loan apps not only affect large companies—they also put ordinary people at risk, people who are simply trying to manage their money in an easy and secure way. What once seemed like a distant problem can now happen to any of us.
That’s why, instead of just worrying, it’s time to take action. Staying informed, protecting our passwords, being skeptical of offers that seem too good to be true, and learning to recognize signs of fraud can make all the difference. You don’t need to be a tech expert; by staying informed, learning to spot potential threats, and adopting a few security habits, we can protect ourselves much more effectively.
At TecnetOne, we believe digital security should be accessible to everyone. And if you ever feel overwhelmed or don’t know where to start, don’t worry—we’re here to help.
