Grandoreiro Banking Trojan Attacks Industries in Spanish-Speaking Countries

Threat Level – Amber | Vulnerability Report

Grandoreiro is a banking trojan campaign that has been active since at least 2016 and targets a variety of businesses in Mexico and Spain, in sectors including automotive and chemical production, among others. Threat actors impersonate government officials in spear-phishing emails to entice victims into deploying "Grandoreiro." The trojan is built in Delphi and employs techniques such as binary padding to inflate binaries, a Captcha implementation for sandbox evasion, and command-and-control (C&C) communication.
