The National Information Technology Development Agency (NITDA) has warned Nigerians about a new banking malware that has been used to carry out fraudulent activities on unsuspecting victims.

NITDA said in an ‘X’ post that Grandoreiro could be used to bypass financial security controls, granting access to unauthorised persons and causing financial losses to businesses and individuals.

“Advisory on Grandoreiro Banking Malware!!! A new version of the banking malware Grandoreiro has emerged, targeting users globally. This banking Trojan is primarily distributed through phishing emails and fake websites,” the statement read.

Grandoreiro is a well-known Brazilian banking Trojan — part of the Tetrade umbrella — that enables threat actors to perform fraudulent banking operations by using the victim’s computer to bypass the security measures of banking institutions.

The malware has been active since at least 2016 and is now one of the most widespread banking Trojans globally.

INTERPOL and law enforcement agencies across the globe are fighting against Grandoreiro, and Kaspersky is cooperating with them, sharing TTPs and IoCs.

However, despite the disruption of some local operators of this Trojan in 2021 and 2024, and the arrest of gang members in Spain, Brazil, and Argentina, they remain active.

READ ALSO:NITDA claims Google, Microsoft, TikTok, others pay $1.5b taxes in Nigeria

Grandoreiro generally operates as Malware-as-a-Service, although it is slightly different from other banking Trojan families.

You won’t find an announcement on underground forums selling the Grandoreiro package — it seems that access to the source code or builders of the Trojan is very limited, only for trusted partners.