Grandoreiro Banking Trojan Resurfaces, Organizations Urged to Bolster Defenses

computer, virus, trojan, Grandoreiro Banking Trojan Resurfaces

The notorious Grandoreiro banking trojan has reemerged in a series of global campaigns, targeting over 1,500 banks across 60 countries.

In light of these renewed threats, organizations, particularly those in the financial sector, are advised to take immediate steps to enhance their cybersecurity measures.

What is Grandoreiro Banking Trojan?

Grandoreiro, a Windows-based malware, is primarily distributed through phishing emails containing malicious attachments or links.

Once installed, it operates as a typical banking trojan, stealing sensitive financial information such as login credentials and account details.

Recent campaigns have seen Grandoreiro leverage Microsoft Outlook clients on infected hosts to spread further phishing emails, significantly amplifying its reach.

Additionally, the trojan has undergone updates to its string decryption and domain generating algorithm (DGA), making it more difficult to detect and block.

Grandoreiro banking trojan heatmap, Grandoreiro Banking Trojan Resurfaces

In response to these developments, cybersecurity experts recommend organizations review the following recommendations:

How Organizations Can Protect Themselves

#1. Exercise caution with emails and PDFs prompting a file download

Employees should be vigilant when opening emails or PDF attachments, especially those from unknown or suspicious sources.

Verify the legitimacy of the sender and the content before downloading or executing any files.

#2. Monitor network traffic

IT teams should monitor network traffic for multiple consecutive requests to, a known indicator of Grandoreiro infection.

#3. Block pre-calculated DGA domains

Consider blocking pre-calculated Domain Generation Algorithm (DGA) domains via DNS to prevent the malware from communicating with its command-and-control servers.

#4. Monitor registry Run keys

Regularly monitor the following registry Run keys for suspicious entries, as they are often used by Grandoreiro for persistence:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

#5. Install and configure endpoint security software

Deploy robust endpoint security solutions capable of detecting and blocking Grandoreiro and other malware threats.

#6. Update network security monitoring rules

Keep network security monitoring rules up-to-date to identify and alert on suspicious activity related to Grandoreiro infections.

#7. Educate staff

Conduct regular security awareness training to educate employees about the risks of phishing attacks and the tactics used by Grandoreiro.

Grandoreiro Banking Trojans in summary

The resurgence of Grandoreiro serves as a stark reminder that the cyber threat landscape is ever-evolving. It’s a call to action for all organizations to remain vigilant and proactive in their cybersecurity efforts.

Don’t wait for an attack to happen. Take the necessary steps now to protect your sensitive information and critical systems.

Remember, an ounce of prevention is worth a pound of cure in the digital world. Stay safe and secure.


Remote Access Trojans: What You Need to Know and How to Protect Yourself

What is a computer virus and how do you protect your computer from viruses?

FBI Takes Down Qakbot, a Notorious Cyber Threat

Discover more from Biztech Lens

Subscribe to get the latest posts to your email.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Enjoy this blog? Please spread the word :)

Discover more from Biztech Lens

Subscribe now to keep reading and get access to the full archive.

Continue reading