NITDA Warns Nigerians to Stay Vigilant as Grandoreiro Banking Malware Strikes Globally

The National Information Technology Development Agency (NITDA), through its Computer Emergency Readiness and Response Team (CERRT.NG), has issued an urgent warning about a new Grandoreiro banking malware. 

This highly advanced Trojan is wreaking havoc globally, targeting individuals and businesses by exploiting phishing schemes and fake websites to steal sensitive financial information and hijack devices.

Overview of Grandoreiro Malware

Grandoreiro is a banking Trojan that utilises phishing emails and fake websites to deceive victims into downloading malicious software disguised as legitimate updates or documents. 

Leveraging advanced tactics, including screen overlay attacks and remote device control, this malware aims to harvest sensitive information such as banking credentials and personal data.

The advisory emphasises the critical nature of the threat, highlighting how unsuspecting users may unknowingly compromise their financial information and grant attackers access to their devices.

According to the advisory, the Grandoreiro malware can lead to severe risks, including:

• Unauthorised access to online banking accounts: Victims may lose control over their accounts, leading to potential financial theft.
• Data theft: Sensitive financial information and personal data are at risk of exposure.
• Remote exploitation: Attackers can take control of victims’ devices, bypassing security protocols to execute further malicious activities.
• Economic consequences: Both individuals and businesses face possible financial losses resulting from unauthorised transactions or compromised systems.

Preventive Measures

To mitigate the risks associated with the Grandoreiro malware, NITDA has outlined several precautionary steps:

1. Exercise caution with emails: Avoid clicking on links or opening attachments from unknown or unsolicited sources.
2. Download software from trusted sources: Ensure all updates and documents come from verified and official platforms.
3. Enable multifactor authentication (MFA): Secure online banking and financial accounts by adding an extra layer of protection.
4. Update antivirus software: Keep anti-malware and antivirus solutions up to date and perform regular system scans.
5. Avoid unsecured networks: When conducting financial transactions, refrain from using public Wi-Fi networks. Use a VPN if necessary.
6. Monitor banking activity: Frequently review account activity to detect and report unauthorised transactions promptly.

CERRT.NG Contact Details

In case of any suspicion of compromise or to seek further information, individuals and organisations are encouraged to contact CERRT.NG through the following channels:

• Email: cerrt@nitda.gov.ng
• Phone: +2348178774580
• Website: www.cerrt.ng

The emergence of the Grandoreiro banking malware shows how sophisticated cyber threats have become and the need for increased vigilance. 

NITDA urges all stakeholders, including individuals and businesses, to remain alert in securing their digital assets and adopting best practices in cybersecurity.