The National Information Technology Development Agency (NITDA) of Nigeria has raised concerns over the emergence of Grandoreiro, a sophisticated banking malware now targeting financial institutions and their customers in Africa.
Originating in Latin America, this malware employs phishing tactics to deceive users and infiltrate banking systems, compromising sensitive information such as passwords and PINs.
Recent report indicates that cybercriminals mostly target the finance and government sectors in Africa.
How Grandoreiro works
Once deployed, Grandoreiro tracks user activities, records keystrokes, and sends stolen data to cybercriminals. This can lead to severe financial losses, especially for individuals unaware of the threat.
The malware specifically aims to exploit Africa’s increasingly digitized financial systems, making robust cybersecurity measures a necessity.
Cases in some African Countries
Recent incidents highlight the vulnerabilities in the African banking sector. In April 2024, hackers exploited system weaknesses at Kenya’s Equity Bank, stealing $1.3 million through coordinated debit card fraud.
In Ghana, the Africa Centre for Digital Transformation (ACDT) flagged cybersecurity risks following a global software failure.
South Africa’s First National Bank (FNB) also reported an increase in phishing and smishing attacks targeting digital wallet users.
Adding to external cyber threats, internal fraud remains a pressing issue. In Nigeria, 49 banking employees were terminated in Q2 2024 due to their involvement in fraudulent activities, marking a 40% increase from the previous quarter.
Recently, it was reported that cybercriminals stole nearly $17 million from the Central Bank of Uganda.
Building Resilience in Africa’s Financial Sector
As Africa’s banking systems continue to embrace digitization, collaboration between regulatory bodies, financial institutions, and customers is essential.
Proactive measures will be critical to safeguarding the region’s financial ecosystem from the growing sophistication of cybercriminal activities.
NITDA has urged financial institutions to act swiftly by:
- Implementing advanced threat detection systems.
- Conducting regular security audits.
- Training staff to recognize and counter potential cyber threats.
The rise of threats like Grandoreiro serves as a stark reminder that cybersecurity must remain a top priority for Africa’s financial sector.
Source: TechPoint Africa
About Author
