Ethiopia is among the latest countries targeted by the Grandoreiro banking trojan, a significant cyber threat now expanding across Africa and Asia. According to a recent report by Kaspersky, the Grandoreiro malware, active since 2016, has contributed to roughly five percent of all global banking trojan attacks in 2024, marking a troubling new frontier in cybersecurity for Ethiopia and other African nations.
Kaspersky’s Global Research and Analysis Team (GReAT) revealed that this trojan is now targeting over 1,700 financial institutions and 276 cryptocurrency wallets in 45 countries. The African countries affected include Algeria, Angola, Ghana, Ivory Coast, Kenya, Mozambique, Nigeria, South Africa, Tanzania, Uganda, and notably, Ethiopia.
While there have been global efforts to curtail the threat, including the arrest of key operators in early 2024, Grandoreiro continues to evolve. Its creators have adapted by developing lighter, harder-to-detect versions that allow them to continue operations. These new variants pose a particular concern, as they coincide with a significant rise in incidents, especially in Mexico, which saw approximately 51,000 cases this year alone.
Fabio Assolini, head of Kaspersky’s Latin American division, noted that these new versions show a shift in cybercriminal tactics. “These developments underscore the evolving nature of the threat,” he stated. “Fragmented and lighter versions may represent a trend that could extend beyond Mexico and into other regions, including Africa and Asia.”
Kaspersky’s analysis shows that Grandoreiro uses sophisticated techniques to impersonate legitimate user behavior, which complicates detection by security systems. By recording mouse movements and simulating real user patterns, the malware seeks to bypass security measures reliant on machine learning.
As Ethiopia faces this escalating cyber threat, Kaspersky emphasizes the importance of heightened awareness and reinforced cybersecurity measures for both financial institutions and individual users. The spread of Grandoreiro is a stark reminder of the need for international cooperation to combat cybercrime and safeguard vulnerable economies from financial exploitation.
