Threat Advisories:

Grandoreiro Banking Trojan Attacks Industries in Spanish-Speaking Countries

Threat Level – Amber | Vulnerability Report
Download PDF

Grandoreiro banking trojan is a campaign that has been active since at least 2016 and targets a variety of businesses in Mexico and Spain, including automotive, chemical production, and others. Threat actors’ mimic government officials in spear-phishing emails to entice victims to deploy “Grandoreiro.” The trojan is built in Delphi and employs techniques such as binary padding to inflate binaries, Captcha implementation for sandbox evasion, and command-and-control (C&C).

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox

Cyber Horizons 2025

What Last Year’s Attacks Reveal About Today’s Risks

Watch the Webinar on-demand and get a FREE copy of our Cyber Horizons 2025 report.

Our Speakers
Speaker 1

Prateek Bhajanka Global Field CISO & Former Gartner Analyst Hive Pro Inc.

Speaker 2

Ankit Mani Manager Threat Intel HiveForce Labs

Speaker 3

Sreevani Tonipe Senior Threat Researcher HiveForce Labs