Grandoreiro Banking Trojan Attacks Industries in Spanish-Speaking Countries

Threat Level
Attack Report

Summary

The Grandoreiro banking trojan campaign has been active since at least 2016 and targets businesses across a variety of industries in Mexico and Spain, including automotive, chemical production, and others. Threat actors impersonate government officials in spear-phishing emails to entice victims to deploy “Grandoreiro.” The trojan is built in Delphi and employs techniques such as binary padding to inflate binaries, a Captcha implementation for sandbox evasion, and command-and-control (C&C).
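
A defender-side triage check for the binary padding mentioned above, as an added example that is not from the advisory: it reports how much of a file consists of low-entropy filler. The window size, the thresholds and the constructed sample are assumptions, and because the advisory does not describe the padding bytes, repetitive filler is assumed.

```python
import hashlib
import math
from collections import Counter

CHUNK = 4096         # bytes per entropy window (assumed value)
LOW_ENTROPY = 1.0    # bits/byte below which a window counts as filler (assumed)
PADDED_RATIO = 0.5   # flag files where over half the windows are filler (assumed)


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def padding_report(data: bytes) -> dict:
    """Summarise how much of a file consists of low-entropy windows."""
    windows = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]
    low = [shannon_entropy(w) < LOW_ENTROPY for w in windows]
    longest = run = 0
    for flag in low:                      # longest contiguous run of filler windows
        run = run + 1 if flag else 0
        longest = max(longest, run)
    ratio = sum(low) / len(windows) if windows else 0.0
    return {
        "size": len(data),
        "low_entropy_ratio": ratio,
        "longest_filler_bytes": longest * CHUNK,   # rounded up to whole windows
        "suspect": ratio > PADDED_RATIO,
    }


def constructed_sample(payload_kib: int, filler_kib: int) -> bytes:
    """Constructed test input: pseudo-random 'code' followed by zero filler."""
    payload = b"".join(
        hashlib.sha256(i.to_bytes(4, "big")).digest()
        for i in range(payload_kib * 32)           # 32 digests of 32 bytes = 1 KiB
    )
    return payload + b"\x00" * (filler_kib * 1024)


if __name__ == "__main__":
    print(padding_report(constructed_sample(64, 0)))     # compact file
    print(padding_report(constructed_sample(64, 1024)))  # same content, inflated
```

Legitimate installers and files with large sparse resources can also trip this heuristic, so treat a hit as a reason to inspect the file rather than as a verdict.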