Technology

Multiple variants of Grandoreiro are accounting for global banking trojan attacks across the world. (Image source: Adobe Stock)

Kaspersky, a global cybersecurity and digital privacy company, has raised the alarm bells around the worrying Grandoreiro banking trojan which has been causing havoc around the world

According to the firm, Grandoreiro has been active since 2016 and has targeted more than 1,700 financial institutions and 276 cryptocurrency wallets across 45 countries this year alone. This accounted for around 5% of banking Trojan attacks this year and the newly-discovered light version variant is also proving cause for concern, having already targeted around 30 banks in Mexico.

Among the countries that have been affected by Grandoreiro is a number from the African continent, including Algeria, Angola, Ethiopia, Ghana, Côte d'Ivoire, Kenya, Mozambique, Nigeria, South Africa, Tanzania, and Uganda.

An evolving threat

After assisting an INTERPOL-coordinated action, which has led to Brazilian authorities arresting operators behind a Grandoreiro banking trojan operation, Kaspersky discovered that the group’s codebase has been split into lighter, fragmented versions of the trojan, to continue its attacks. This is what has caused problems for financial institutions in Mexico this year. The creators likely have access to the source code and are launching new campaigns using the simplified legacy malware, Kaspersky has reported.

“All the recent developments underscore the evolving nature of the threat. Fragmented and lighter versions may represent a trend that could extend beyond Mexico and into other regions, including beyond Latin America,” said Fabio Assolini, head of the Latin American Kaspersky Global Research and Analysis Team (GReAT). “However, we believe that only some trusted affiliates have access to the malware source code to develop such lighter versions. Grandoreiro operates differently from the traditional ‘Malware-as-a-Service’ model we are accustomed to. You won’t find announcements on underground forums selling the Grandoreiro package; instead, access to it appears to be limited.”

Multiple variants of Grandoreiro, including the new light version and the primary malware, are accounting for global banking trojan attacks across the world, making it one of the most active threats worldwide, according to Kaspersky.

The company also analysed the newer samples of the primary Grandoreiro from 2024, and observed new tactics. It records mouse activity to mimic real user patterns, aiming to evade detection by machine learning-based security systems that analyse behaviour. By replaying natural mouse movements, the malware aims to trick anti-fraud tools into seeing the activity as legitimate.

Grandoreiro has also adopted a cryptographic technique known as Ciphertext Stealing (CTS), which Kaspersky has never seen being used in malware. In this case, its aim is to encrypt the malicious code strings.
To protect from financial malware, Kaspersky security experts recommend key steps organisations can take including to enable a Default Deny policy for critical user profiles; provide cybersecurity awareness training to staff; and use protection solutions for mail servers with anti-phishing capabilities such as Kaspersky Security for Mail Server.

For individuals, Kaspersky recommends vigilance (never open suspicious-looking messages, only install applications from a reliable source, refrain from approving rights or permissions without ensuring they match the applications feature set) and to make sure of a reliable security solution such as Kaspersky Premium.

Rawbank is looking to ensure a scalable and reliable environment for its digital assets. (Image source: OADC)

Rawbank, a leading bank in the DRC for the past 12 years, has partnered with OADC - Texaf Kinshasa, the country’s first Tier-III certified, carrier-neutral data centre, to enhance its digital banking services and promote financial inclusion

By collocating at OADC - Texaf Kinshasa, Rawbank is looking to ensure a scalable and reliable environment for its digital assets, enabling it to enhance services like its mobile money platform illicoCash and reach more underserved communities.

“This partnership with OADC - Texaf Kinshasa marks a major step in our journey to modernise banking services in the DRC,” said Mustafa Rawji, general manager of Rawbank. “By leveraging world-class digital infrastructure, we are reinforcing our commitment to providing secure, accessible, and efficient banking solutions for all Congolese. We look forward to the new opportunities this collaboration will unlock for our customers and the broader community.”

“We are excited to welcome Rawbank to our OADC - Texaf Kinshasa data centre,” added Mohammed Bouhelal, managing director of OADC - Texaf Kinshasa. “This collaboration highlights the critical role our facility plays in driving digital transformation in key sectors, including banking. Rawbank’s decision underscores our value in terms of connectivity, resilience, and scalability.”

Rawbank is not the only company taking advantage of the new opportunities opened up by the Tier-III data centre, with ST Digital also recently signing a partnership to make use of the facility.

Enhanced visibility. Industrialised reliability. (Image source: Brady)

Maximise real-time visibility on industrial processes with cutting edge RFID performance. The IRX200 from Brady combines powerful RFID reading with integrated edge computing and native OT & IT connectivity to support greater warehouse and production efficiency.

Instantly see the status and evolution for both work-in-progress in production, and stock levels in the warehouse, using the same hard- and software. Reduce production interruptions. Track inventories automatically with an RFID reader that can pick up 1000 items per second. Streamline processes and enhance output using accurate, real-time, automated and programmable data that enable fast, accurate decision making and effective continuous improvement.

Unique, all-in-one tracking

Read battery-free RFID tags right out of the box with the IRX200’s all-inclusive functionality. An integrated, high gain RFID antenna makes the IRX200 easy to install and maintain. The RFID reader does not require external antennas. Native OT & IT connectivity, including Profinet IO and OPC UA, enable smooth, reliable data throughput. Before sharing, data can be processed by a built-in edge computer that nullifies latency and reduces facility cloud bandwidth consumption. Equipped with powerful computing capabilities, the IRX200 can run RFID reader and AI apps to process data in real-time, and share them with stakeholders and other machines in the most optimal way.

^{The RFID reader does not require external antennas.}

Enhanced visibility. Industrialised reliability

The IRX200 is designed for industrial environments. With EN 60068-2-27 shock, EN 60068-2-6 vibration, and IP67 ingress protection tested mechanics, the reader can be mounted on almost any racking, conveyor, forklift and indoor vehicle. An operating temperature range of -20°C to 55°C makes the IRX200 useful in many industrial environments and applications.

With the IRX200, a large number of industries can power productivity using insights and decisions supported by real-time, actionable data from their own industrial processes.

Learn more about IRX200 fixed reader on Brady websites.

A significant leap in workplace efficiency

Bring your workplace to the next level of efficiency and productivity with reliable RFID. Locate, identify, track and trace multiple assets at once from a 15m distance without ever having to lay eyes on them. Or cover your entire workplace with well placed fixed RFID readers to maximally accelarate asset tracking. Quickly guide employees to the assets they need in the most optimal order, fully automate inventories and check any outgoing cargo for completeness in seconds.

Get some inspiration from our free guidebook >>

Brady Europe, Middle East & Africa
www.brady.eu

The funds will be used to consolidate and expand capacity and infrastructure of data centre assets across Ooredoo’s MENA operations. (Image source: Ooredoo)

Ooredoo Group, an international communications company operating across the MENA region and southeast Asia, has secured a financing deal in a bid to accelerate the growth of its data centre and AI business

Worth QAR2bn (approx. US$550mn), the financing deal has been signed with QNB, Doha Bank and Masraf Al Rayan and represents the largest transaction ever achieved in Qatar’s tech sector.

Aziz Aluthman Fakhroo, group CEO, Ooredoo, remarked, “The MENA region is one of the fastest growing markets for data centres worldwide, and there is significant untapped potential in AI, Cloud services and accelerated computing. This financing deal marks a major milestone in our strategic vision for expanding our data centre and AI business, and we are excited to meet the region’s increasing demand while upholding our commitment to sustainable, energy-efficient infrastructure.”

The newly available funds will be allocated to carve out existing data centre assets from Ooredoo’s telecom operations, with a significant portion being directed towards expanding capacity and upgrading infrastructure to support AI, cloud services and hyperconnectivity.

Fahad Al Khalifa, group CEO, Masraf Al Rayan, commented, "We are excited to be part of this major financing deal, which will contribute to driving technological progress in Qatar and the region. By partnering with Ooredoo, we are investing in the future of digital infrastructure and supporting sustainable growth through innovation and economic diversification. We are proud to be at the forefront of this significant initiative, which will undoubtedly cement Qatar’s position as a leader in the digital economy."

Sheikh Abdulrahman bin Fahad bin Faisal Al Thani, group CEO, Doha Bank, added, “We are dedicated to support Ooredoo in its ambitious expansion of digital infrastructure through this financing deal. The growth of Ooredoo’s data centres will have a transformative impact on the tech sector, enhancing regional competitiveness and positioning the country as a leader in the digital economy. We are proud to play a role in enabling this important step towards achieving comprehensive development in Qatar and the region.”