Your money is in good hands (yours and those of your financial institution). However, it only takes a bad click for this Latin American banking horse named Grandoreiro to grab all your money.
This Trojan horse initially aimed at Brazil, Mexico, Spain and Peru, but it recently extended its field of action, targeting more than 1,700 financial institutions distributed in 45 countries and regions. Its recent entry on African and Asian continents, where digital culture is low, has offered malware has more victims, including notable celebrities and Africans.
On December 4, 2024, the actress and producer, Mansurah Isah launched a distress call on her Instagram and Facebook all her accounts related to Guaranty Trust Bank and the Sterling Bank were usurped. The actress said she discovered this situation when paying her Uber and seeing a balance of 0.00 ₦. The actress in shock, went to her bank to have confirmation, that her bank data had been compromised and that the money had been used to buy gifts online .
Faced with the threat of Grandoreiro, a team of NitDA specialists (National Information Technology Development Agency) warned Nigerians against Grandoreiro, warning the public on the tactics used to steal sensitive data such as banking identifiers and personal information.
The actress who has still not digested to have been hacked by the malicious software, replied the publication of NitDA on her social networks with the hashtag #cybersecurityalert (cybersecurity alert).
Grandoreiro uses hissing emails, via free offers of false advertisements and or pretends to be service providers in order to attract his targets. Messages sometimes offer free offers or from celebitities such as: "Click here to get 500 GB free or click here to win: 1,000,000 from Tyla and Tems".
Other messages have the form of a tax notice or pending invoices, encouraging users to click or download certain documents. Error that can be fatal to them since their identity and savings can be stolen automatically. Sometimes they clon the websites of the type: www.faktafrique.org becomes www.faktafriqué.org to attract original users and steal their personal data.
An “constantly renewed old recipe”
Grandoreiro has perfected over the years; Since 2023, these HameConnages techniques have targeted financial institutions more: countries, currencies and territories. The most recent versions of the Trojan horse represents a global economic threat. These new versions targeted 1,700 banks and 276 cryptocurrency portfolios in 45 countries (on all continents).
Grandoreiro, who operates masked, acts as a service, launches his advertisements in targeted languages (eg in English for Nigeria, in French for Cameroon). Once the Trojan horse reaches the user's device, it seeks to obtain sensitive information, such as passwords, personal identification accounts and numbers. Once activated, the malicious software follows user activities, records the keyboard strikes and transmits the stolen data to cybercriminals. Grandoreiro software is continuously improving, improving its formidable tactics with its malware to carry out its attacks against its targets by bypassing its security protections.
Grandoreiro: the “Casse of the century”
This malicious software is responsible for millions of dollars in scams each year. Since its appearance on the African continent, cases have been recorded in countries such as South Africa, Algeria, Angola, Ethiopia, Ghana, Côte d'Ivoire, Kenya, Mozambique, Nigeria, Tanzania and Uganda.
With the growing digitization of financial services in Africa, the increase in cybermenaces targeting the continent's financial sector is inevitable. Africans and the financial sector have become privileged targets for cybercriminals that use advanced tactics to exploit the vulnerabilities of systems.
The increase in cybermenaces targeting the continent's financial sector dominated public discourse because Grandoreiro is not a unique case. In April 2024, Equity Bank in Kenya was the victim of a large flaw in which hackers stole approximately $ 1.3 million through a coordinated flow card fraud system.
The National Bank National Bank of South Africa has also warned users against similar cyberrencies, cybercriminals increasingly using advanced hook tactics to target digital wallet users.
The Africa Center for Digital Transformation (ACDT) has made financial institutions about potential cyberrencies following a global software failure involving major cybersecurity companies. ACDT has stressed the importance of proactive measures to protect itself against such threats, highlighting the vulnerability of the region to cyber attacks.
To protect your devices from malware, NitDA strongly advises you to proceed as follows:
- Do not click on links or do not open attachments from unknown or not asked emails.
- Download software updates or documents than from official and reliable sources.
- Use multifactorial authentication to protect online bank and financial accounts against unauthorized access.
- Maintain antivirus and anti-malware software and perform regular analyzes.
- Avoid financial transactions on public Wi-Fi networks; Use a VPN if necessary.
- Frequently monitor banking activity to quickly detect and report unauthorized transactions.
It is practically impossible to get rid of all malware that attacks Internet users. The internal vulnerabilities of financial institutions are added to external threats. However, measures can be taken upstream to protect your device from the Trojan horse. However, the responsibility for security is the responsibility of organizations, staff, customers and regulatory organizations. It is recommended to train staff, carry out regular security audits, deploy advanced threat detection systems and identify and counter potential cyberrencies.
Charity Ani Kosisohukwu
