Trojan

Grandoreiro

First seen: 2016 • Status: active

Currently Active Threat

Grandoreiro is a Latin American banking trojan that keeps coming back even after police try to stop it.

Overview

Grandoreiro is a Latin American banking trojan that targets Spanish-speaking countries. Despite law enforcement action, it continues operations with new variants.

Also Known As

Grandeiro

How It Spreads

  • Malspam
  • Fake invoices
  • MSI installers
  • ZIP attachments

What It Does

  • Banking overlay attacks
  • Credential theft
  • Remote access
  • Keylogging

Target Platforms

Windows

Detection Tips

  • Monitor for Grandoreiro C2 patterns
  • Check for overlay window creation
  • Analyze Spanish-language lure documents
  • Review MSI installer execution

MITRE ATT&CK Techniques

T1566, T1185, T1056, T1021

If You're Infected

  1. Remove Grandoreiro malware
  2. Reset banking credentials
  3. Alert financial institutions
  4. Review account activity

Related Malware

Chaes, Mekotio, Casbaneiro
