23.7 C
Lagos
Thursday, August 11, 2022
HomeCrime WatchNCC alerts Nigerians about new malware that steals users' banking app login...

NCC alerts Nigerians about new malware that steals users’ banking app login details

Published on

The Nigerian Communications Commission (NCC) has issued a security advisory alerting the Nigerian public about a newly discovered malicious software that steals users’ banking login details on Android devices.

The commission made this known on Friday, February 22,2022 through its Computer Security Incident Response Team (CSIRT).

According to a security advisory from the NCC CSIRT, the malicious software called “Xenomorph”, has been found to target 56 financial institutions from Europe, with high impact and high vulnerability rate.

It stated that the main intent of this malware is to steal credentials, combined with the use of SMS and Notification interception to log-in and use potential 2-factor authentication tokens.

NCC CSIRT throws more light on Xenomorph malware

The NCC in its official press release, explained further that Xenomorh malware is propagated by an application that was slipped into Google Play store and masquerading as a legitimate application called “Fast Cleaner” ostensibly meant to clear junk, increase device speed and optimize battery. In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently.

To avoid early detection or being denied access to the PlayStore, “Fast Cleaner” was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions.

Once up and running on a victim’s device, Xenomorph can harvest device information and Short Messaging Service (SMS), intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it. The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.

The CSIRT said the malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones. Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them.

Countries where Xenomorph has been found to target

According to NCC CSIRT, Xenomorph has been found to target 56 internet banking apps, 28 from Spain, 12 from Italy, 9 from Belgium, and 7 from Portugal, as well as Cryptocurrency wallets and general-purpose applications like emailing services.

Though the Fast Cleaner app according to CSIRT has now been removed from the Play Store but that was after the garnered 50,000+ downloads,” the CSIRT security advisory asserted.

NCC’s advice to Android device and Internet users

The Nigerian Communications Commission (NCC) in its security advisory urged telecom consumers and other Internet users, particularly those using Android-powered devices to use trusted Antivirus solutions and update them regularly to their latest definitions. The Commission also implore consumers and other stakeholders to always update banking applications to their most recent versions.

Latest articles

Buhari’s ministers who officially resigned ahead of 2023 elections

Not less than nine Ministers in President Muhammadu Buhari’s cabinet, have resigned their appointments...

Buhari’s ministers who officially resigned ahead of 2023 elections

Not less than nine Ministers in President Muhammadu Buhari’s cabinet, have resigned their appointments...

FG launches N-Alert mobile app to deter kidnappers, terrorist, bandits, others

In a bid to curb kidnapping, terrorism, banditry and other vices facing the country's...

WhatsApp increases Group participants to 512, 2GB file sharing now available

WhatsApp has announced new features which will be rolling out slowly in the coming...

More like this

Buhari’s ministers who officially resigned ahead of 2023 elections

Not less than nine Ministers in President Muhammadu Buhari’s cabinet, have resigned their appointments...

Buhari’s ministers who officially resigned ahead of 2023 elections

Not less than nine Ministers in President Muhammadu Buhari’s cabinet, have resigned their appointments...

FG launches N-Alert mobile app to deter kidnappers, terrorist, bandits, others

In a bid to curb kidnapping, terrorism, banditry and other vices facing the country's...