The National Information Technology Development Agency (NITDA) has raised alarm over a new cybersecurity threat involving the Grandoreiro banking malware.
The agency, through a public notice issued by the Computer Emergency Readiness and Response Team (CERRT.NG), warned Nigerians about the malware’s resurgence and its potential risks.
The advisory detailed how Grandoreiro, a banking Trojan, exploits phishing emails and fake websites to compromise victims’ systems.
“A new version of the banking malware Grandoreiro has emerged, targeting users globally. This banking Trojan is primarily distributed through phishing emails and fake websites,” the stated
NITDA explained that the Grandoreiro malware masquerades as legitimate software updates or documents to trick users into downloading it. Once installed, the malware deploys advanced techniques such as screen overlay attacks and remote device control to steal sensitive data, including banking credentials.
According to the agency, the primary risks associated with Grandoreiro include:
- Unauthorized access to online banking accounts.
- Theft of financial information and personal data.
- Remote exploitation of victim devices to bypass security controls.
- Potential financial losses for individuals and businesses.
Preventive measures for users
To counter this threat, NITDA has urged Nigerians to take proactive steps to safeguard their devices and data. The agency outlined the following preventive measures:
- Avoid phishing traps by not clicking on links or opening attachments from unknown or unsolicited emails.
- Download software securely by obtaining updates and documents only from trusted sources.
- Enable Multifactor Authentication (MFA) to add an extra layer of protection for online banking accounts.
- Use antivirus software by regularly updating and scanning devices with antivirus and anti-malware tools.
- Secure financial transactions by avoiding public Wi-Fi networks and using a VPN where necessary.
- Monitor banking activities by regularly reviewing account statements to detect and report suspicious transactions promptly.
NITDA encouraged Nigerians to report suspicious activity or seek guidance through the following CERRT.NG channels: Email: [email protected], phone: +2348178774580 and Website: www.cerrt.ng
What you should know
As cybercriminals continue to exploit various online platforms, the National Information Technology Development Agency (NITDA) has raised concerns over malicious activities on Spotify.
- Threat actors use playlist names and podcast descriptions to promote harmful content, including game hacks, pirated software, and spam links.
- These actions can expose users to scams, phishing attacks, and malware.
- NITDA warns that such activities could lead to significant risks, including the theft of personal and financial data. To stay safe, users are advised to avoid suspicious playlists and podcasts, refrain from clicking on unknown links, and ensure their Spotify app is updated to the latest version.
Vigilance and adherence to cybersecurity best practices remain essential for safeguarding personal information and devices.