The National Information Technology Development Agency (NITDA) has alerted Nigerians about a new version of the Grandoreiro banking malware, which targets users globally through sophisticated phishing campaigns.

In an advisory released by NITDA’s Computer Emergency Readiness and Response Team on Monday, the agency described Grandoreiro as a significant threat, using “advanced techniques, including screen overlay attacks and remote device control, to steal sensitive information such as banking credentials and personal data.”

The country’s technology regulator explained that the malware is primarily distributed via phishing emails and fraudulent websites that deceive victims into downloading malicious software disguised as legitimate updates or documents.

Once installed, the malware bypasses security controls, granting attackers unauthorised access to users’ devices.

The agency warned that the malware could lead to financial losses and identity theft and urged the public to exercise caution and adopt recommended security measures to mitigate the risk.

NITDA recommended avoiding links and attachments from unknown emails, downloading software only from trusted sources, and enabling multifactor authentication to secure online banking and financial accounts.