The National Information Technology Development Agency (NITDA), through its Computer Emergency Readiness and Response Team (CERRT.NG), has issued an urgent alert about the Grandoreiro banking malware, a sophisticated Trojan targeting individuals and businesses globally.
Grandoreiro operates through phishing emails and counterfeit websites, tricking victims into downloading malicious software disguised as legitimate updates or documents. Using advanced techniques like screen overlay attacks and remote device control, the malware captures sensitive financial data and hijacks devices.
NITDA’s advisory underscores the severe risks posed by this threat, which include unauthorised account as victims could lose control of their banking accounts, leading to potential financial theft; dat theft; device exploitation as attackers can take over devices to execute further malicious activities and economic impact as individuals and businesses and economic impact.
To protect against this malware, NITDA advised Nigerians to exercise caution with emails by avoiding clicking on links or opening attachments from unknown or unsolicited sources and download software from trusted sources by ensuring all updates and documents come from verified and official platforms.
“Enable multi factor authentication (MFA), by securing online banking and financial accounts by adding an extra layer of protection; update antivirus software by Keeping anti-malware and antivirus solutions up to date and perform regular system scans.
“Avoid unsecured networks, by ensuring that when conducting financial transactions, refrain from using public Wi-Fi networks. Use a VPN if necessary and monitor banking activity, by frequently reviewing account activity to detect and report unauthorised transactions promptly,” it added.
