One of the most dangerous banking viruses in the world is back, and this time, it’s targeting unsuspecting users in Spain. Cybersecurity experts have confirmed that the notorious Grandoreiro banking Trojan has resurfaced in a large-scale phishing campaign. Masquerading as official communication from the Spanish Tax Agency (Agencia Tributaria), this malware can steal your banking details in seconds.
What is Grandoreiro?
Grandoreiro is a sophisticated banking Trojan originating from Brazil. Once installed on a device, it can harvest sensitive information such as usernames, system data, and financial credentials. Cybercriminals use this data to gain control of victims’ bank accounts, siphoning funds without their knowledge. Since its emergence in 2016, Grandoreiro is estimated to have stolen around €3.5 million worldwide.
How does the scam work?
Hackers are using a highly deceptive phishing strategy to spread Grandoreiro. Victims receive an email that appears to come from the Agencia Tributaria, claiming they have a new notification in the Dirección Electrónica Habilitada Única (DEHÚ), Spain’s official electronic notifications system.
The email is alarmingly convincing, even spoofing a legitimate government email address ending in @correo.gob.es to bypass spam filters. It contains multiple links, and clicking on just one is enough to trigger the download of the banking Trojan. Once installed, the malware records keystrokes, manipulates the mouse, shares the screen, and steals credentials, granting cybercriminals full access to bank accounts.
Why is this attack so dangerous?
Traditional phishing attempts rely on users manually entering data into fake websites. However, Grandoreiro takes control of infected devices, allowing hackers to operate accounts in real time. Worse still, this malware has multiple evolving versions, making it difficult to detect and eradicate.
How to protect yourself against this banking Trojan
Cybersecurity experts stress the importance of being cautious with unexpected emails, even if they appear to come from official sources. It is crucial to verify their legitimacy independently before clicking on any links. Opening unknown attachments should be avoided unless there is absolute certainty about the sender’s authenticity.
Enabling multi-factor authentication (MFA) adds an extra security layer, making it significantly harder for cybercriminals to access bank accounts, even if they manage to obtain credentials.
Keeping security software up to date ensures that antivirus and anti-malware programs are equipped to detect and block potential threats. Instead of clicking on links in emails, users should manually check their DEHÚ notifications by visiting the Agencia Tributaria’s official website directly.
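For mail administrators, the advice above can be turned into a simple triage check. The following is an added example, not part of the original article: it flags a message that claims the @correo.gob.es sender when the receiving server's DMARC result is not "pass" or when a link leads outside government domains. The function name, the sample message and the choice of gob.es as the trusted link suffix are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

CLAIMED_SENDER = "correo.gob.es"  # sender domain named in the article
TRUSTED_SUFFIX = "gob.es"         # assumption: links should stay on government hosts

# Constructed sample message (not a real capture); example.* hosts are placeholders.
SAMPLE = """\
From: Agencia Tributaria <notificaciones@correo.gob.es>
To: user@example.com
Subject: Nueva notificacion DEHU
Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail header.from=correo.gob.es
Content-Type: text/plain; charset=utf-8

Tiene una nueva notificacion. Acceda aqui: https://files.example.net/dehu/doc
Mas informacion: https://sede.agenciatributaria.gob.es/
"""

def in_domain(host, suffix):
    """True if host equals suffix or is a subdomain of it."""
    return host == suffix or host.endswith("." + suffix)

def triage(raw):
    """Return a list of findings for mail claiming the government sender."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not in_domain(from_domain, CLAIMED_SENDER):
        return []  # does not claim the impersonated sender; out of scope
    findings = []
    # Only trust Authentication-Results added by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    dmarc = re.search(r"\bdmarc=(\w+)", auth)
    verdict = dmarc.group(1) if dmarc else "missing"
    if verdict != "pass":
        findings.append("dmarc=" + verdict)
    # Collect text from every non-container part and check each link's host.
    body = "\n".join(
        (p.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for p in msg.walk() if not p.is_multipart())
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlparse(url).hostname or "").lower()
        if not in_domain(host, TRUSTED_SUFFIX):
            findings.append("off-domain link: " + host)
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An empty result does not prove a message is legitimate; it only means neither of these two checks fired.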