One of the new types of malware that has caught the attention of researchers is the Grandoreiro malware. Below we will discuss in detail what it is, how it works and how you can not fall victim to it.
What is Grandoreiro?
Written in the Delphi programming language, Grandoreiro is a Trojan banking overlay that has earned the name for its ability to steal money from online banking customers and has been active since at least 2017.
Remote banking Trojans overlays are designed to allow intruders to "take over" devices. This often means overlaying images (full screen) on computers of the victim when they have access to their internet bank account. Although this type of Trojan banking has not been advertised so much, it can be quite devastating, as it allows intruders to transfer money from a person's online bank account. victim to the intruder during the victim's online banking period.
How does Grandoreiro work?
Grandoreiro enters the first stage of infection when the user clicks on the malicious URL and the download program is downloaded. The next stage of the infection involves recovering the Grandoreiro payload via a URL written in the loader code.
Once the infection phases are complete, Grandoreiro collects the following information from the infected computer:
- User name
- Computer name
- Bit number (32 or 64) and operating system version
- List of installed AV or antivirus
Grandoreiro has the ability to steal credentials in some versions of Google Chrome. It will create a fake Google Chrome extension called Edit This Cookie, which appears to support Grandoreiro's information theft capabilities by grabbing user cookies to steal user information and allowing an attacker to "drive" a user's active session. This means that the intruder does not need to control the computer from this point.
Every time an infected computer user visits a targeted banking site, Grandoreiro will invade the account and fraudulently transfer them to accounts controlled by them. hackers. While this is the focus of the attack, the Grandoreiro has other features and tools, such as keylogging, self-updating, keyboard and mouse simulation, and an extensive backdoor.
How to prevent Grandoreiro
Grandoreiro malware can be avoided with the classic prevention methods we have mentioned many times. Don't click on video on suspicious sites. If you do not know who the sender of an email is, do not download attachments or click on links from unknown URLs. In case of doubt, contact the intended sender through a different channel and confirm that it is him.
Many common antiviruses can detect and / or stop malware from being infected by computer your. While this may be the case, the first and best line of defense from malware such as Grandoreiro is a cyber security conscious user.