Friday, August 7, 06:53
Home security Grandoreiro malware: What is it and how does it work?

Grandoreiro malware: What is it and how does it work?

One of the new types of malware that has caught the attention of researchers is the Grandoreiro malware. Below we will discuss in detail what it is, how it works and how you can not fall victim to it.

What is Grandoreiro?

Written in the Delphi programming language, Grandoreiro is a Trojan banking overlay that has earned the name for its ability to steal money from online banking customers and has been active since at least 2017.

Remote banking Trojans overlays are designed to allow intruders to "take over" devices. This often means overlaying images (full screen) on computers of the victim when they have access to their internet bank account. Although this type of Trojan banking has not been advertised so much, it can be quite devastating, as it allows intruders to transfer money from a person's online bank account. victim to the intruder during the victim's online banking period.

In the case of Grandoreiro, every time a user on a infected computer visits a targeted bank site, the invaders will start doing fraud μεταφορές from the account to which the user was connected.

Wholesale malware

How does Grandoreiro work?

Grandoreiro enters the first stage of infection when the user clicks on the malicious URL and the download program is downloaded. The next stage of the infection involves recovering the Grandoreiro payload via a URL written in the loader code.

Once the infection phases are complete, Grandoreiro collects the following information from the infected computer:

  • User name
  • Computer name
  • Bit number (32 or 64) and operating system version
  • List of installed AV or antivirus

Grandoreiro has the ability to steal credentials in some versions of Google Chrome. It will create a fake Google Chrome extension called Edit This Cookie, which appears to support Grandoreiro's information theft capabilities by grabbing user cookies to steal user information and allowing an attacker to "drive" a user's active session. This means that the intruder does not need to control the computer from this point.

Every time an infected computer user visits a targeted banking site, Grandoreiro will invade the account and fraudulently transfer them to accounts controlled by them. hackers. While this is the focus of the attack, the Grandoreiro has other features and tools, such as keylogging, self-updating, keyboard and mouse simulation, and an extensive backdoor.

How to prevent Grandoreiro

Grandoreiro malware can be avoided with the classic prevention methods we have mentioned many times. Don't click on video on suspicious sites. If you do not know who the sender of an email is, do not download attachments or click on links from unknown URLs. In case of doubt, contact the intended sender through a different channel and confirm that it is him.

Many common antiviruses can detect and / or stop malware from being infected by computer your. While this may be the case, the first and best line of defense from malware such as Grandoreiro is a cyber security conscious user.


Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehc
Be the limited edition.


Listening to Twitter hack stopped due to porn!

According to a newspaper, the hearing about the teenage hacker who was responsible for the attack that took place on Twitter, which ...

Colorado paid a ransom of $ 45.000 to hackers

According to Lafayette, Colorado officials, the city's electronic systems were breached and officials were forced to pay a ransom to recover ...

Trump vs Biden: Instagram bug favors Trump!

In Instagram hashtag searches for Democratic candidate Joe Biden, content was promoted in favor of Donald Trump.

LibreOffice 7.0: Comes with new features and improved appearance

LibreOffice is one of the best alternatives to Microsoft Office. In addition to providing ...

Pompeo: "Eliminate Chinese apps from Apple and Google stores"!

US Secretary of State Mike Pompeo on Wednesday called for an extension of the US government's restrictions on Chinese technology, saying that ...

Microsoft brings Android applications to Windows 10!

Microsoft has decided to integrate Android applications into Windows 10 with the new update of the "Your Phone" application.

Nudgebox: From DNA analysis to Covid-19 detection

Nudgebox is the product of a small DNA testing company that a few months ago was trying to gain its place in genetics ...

Twitter: Android error exposes DMs and other user data to hackers!

Twitter announced that it fixed a bug found in the Twitter application for Android, which could allow hackers to ...

Trump: Facebook removes misinformation post about Covid-19

Facebook removes Donald Trump's post claiming that children are "almost immune" to Covid-19.

US: $ 10.000.000 to anyone who identifies election hackers!

A few months before this year's US presidential election to be held in November, the US State Department announced that it will give ...