Ethiopia is among the countries now targeted by the Grandoreiro banking trojan, a significant cyber threat that has expanded its reach into Africa and Asia. According to a recent report by Kaspersky, the Grandoreiro malware has been active since 2016 and is responsible for approximately five percent of global banking trojan attacks in 2024.
Kaspersky’s Global Research and Analysis Team (GReAT) revealed that the trojan is currently targeting over 1,700 financial institutions and 276 cryptocurrency wallets across 45 countries. This includes several African nations, such as Algeria, Angola, Ghana, Ivory Coast, Kenya, Mozambique, Nigeria, South Africa, Tanzania, Uganda, and notably Ethiopia.
Despite efforts to combat this threat, including the arrest of key operators in early 2024, Grandoreiro continues to evolve. The malware’s creators have developed lighter versions to evade detection and continue their operations. The new variants are particularly concerning as they have been linked to an increase in incidents reported in Mexico, where around 51,000 cases were recorded this year alone.
Fabio Assolini, head of Kaspersky’s Latin American division, noted that the fragmented nature of these newer versions indicates a shift in tactics among cybercriminals. “These developments underscore the evolving nature of the threat,” he explained. “Fragmented and lighter versions may represent a trend that could extend beyond Mexico and into other regions.”
Kaspersky’s analysis indicates that the Grandoreiro trojan employs sophisticated techniques to mimic legitimate user behavior, making it harder for security systems to detect fraudulent activity. By recording mouse movements and simulating real user patterns, the malware aims to bypass machine learning-based security measures.
As Ethiopia grapples with this emerging cyber threat, Kaspersky emphasizes the need for heightened awareness and robust cybersecurity measures among financial institutions and users alike. The spread of Grandoreiro serves as a stark reminder of the importance of international cooperation in combating cybercrime and protecting vulnerable economies from financial exploitation.
