These festive times are the favorite time for cybercriminals to do their thing and steal all the personal data of their victims. It is the time when we receive the most emails and SMS with misleading information. Once again, the famous Grandoreiro Trojan is back to inject itself directly into your computer and download all your content. If you want to prevent this computer virus and know all the details of how to identify it, you just have to stay and read this article.

We are in Christmas and the alarms about cybercrimes are only ringing, so we must be extremely careful when it comes to make online purchases or access illicit messages. In reality, cybercrime does not rest and not a single day goes by in which we have news about fraud and scams on the Internet. The only thing we have left is not to fall into the temptation of becoming another victim of these individuals and to follow a series of guidelines with the aim of avoiding this bad practice.

A few hours ago, the National Cybersecurity Institute (INCIBE) and the Internet User Security Office (OSI) have echoed the latest of the misdeeds caused by an organized group of cybercriminals who pose as a travel agency to give you a Christmas gift. Due to this alarming situation, security agencies have decided to put into circulation a set of preventions to avoid being hacked, but first you have to know how to identify this type of scam that circulates on the internet.

Impersonation of a travel agency

In the last few hours a malware distribution campaign which acts through an email posing as a travel agency called 'Spain Travel Corporation SA', which is completely fictitious. Likewise, the content of the message reflects a congratulation accompanied by a trip that a friend has sent us as a Christmas gift. In the email we attach a link to download the travel voucher and print it. They will make us believe that it is a .zip file, but in reality it is a .msi file that executes malicious code.

Consequently, security agencies have identified this fraudulent document as the Grandoreiro malware, a very dangerous Trojan that updates itself frequently and downloads all your personal data once it attaches to your computer. In this way, extreme caution must be taken in emails that spread gifts or other dissuasive messages.

How to act

INCIBE and OSI have disseminated the solution to prevent falling into the trap of criminals through a series of instructions. Whether you have received the email or not, you need to take a look at these guidelines so you know how to react at all times.

If you have received the email and have not accessed the link

As soon as you have received the email and have not accessed any links, block it immediately and mark it as spam. Then delete it and run an antivirus scan to verify that no trace remains.

If you have received the email and clicked on the link

Otherwise, if you have received the email and have accessed the attached link and downloaded the file, but have not opened it, delete it immediately and empty the recycle bin so that no trace remains. Next, perform an antivirus scan to make sure that no traces of the file are detected anywhere on your computer.

Therefore, if you have received the email, downloaded the file and executed it, your device may be at risk. In this case, you must follow this procedure:

Disconnect the equipment from your router so that the malware does not spread to other terminals.

Perform an analysis complete with your antivirus. In the event that the infection has not disappeared, you must restore and format your computer to disinfect it, but not before making a backup copy of all your data.

Collect all the evidence through screenshots and save the email received to report it to a Police office.