NCC Alerts Nigerians Of Dangerous Malware Stealing Details of Bank Apps

The Nigerian Communications Commission’s Computer Security Incident Response Team has warned Nigerians about a newly discovered malicious software stealing users’ banking app login credentials on Android devices.

According to the commission, the malicious software called ‘Xenomorph’, which has been found to target 56 financial institutions from Europe, has a high impact and high vulnerability rate.

It added that the main intent of this malware was to steal credentials, combined with the use of SMS and notification interception to log-in and potential two-factor authentication tokens.

In a statement, NCC said, “Xenomorph is propagated by an application that was slipped into Google Play store and masquerading as a legitimate application called ‘Fast Cleaner’ ostensibly meant to clear junk, increase device speed and optimise battery.

“In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently. To avoid early detection or being denied access to the PlayStore, ‘Fast Cleaner’ was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions.

“Once up and running on a victim’s device, Xenomorph can harvest device information and Short Messaging Service, intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it. The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.”

According to the commission’s CSIRT, the malware stole victims’ banking credentials by overlaying fake login pages on top of legitimate ones and since it could intercept messages and notifications, it allowed its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them.

The CSIRT security advisory said Xenomorph has been found to target 56 internet banking apps: 28 from Spain, 12 from Italy, 9 from Belgium, and 7 from Portugal; as well as Cryptocurrency wallets and general-purpose applications like emailing services.

Although the Fast Cleaner app has been removed from the Play Store, it garnered 50,000+ downloads, according to the NCC.


Punch

Comments

Trending

10 ways people kill their cars

2016 Budget: Senate meets NLC, TUC, other CSOs Wednesday

Peter Obi Dumps PDP, Pulls Out Of Presidential Race

Primaries: Ekweremadu Warns PDP Against A Repeat of Zamfara Scenario

Senator Rochas Okorocha Finally Surrenders To EFCC Operatives

20 Things You Must Know before Saying "I do"

UNIBEN Officials Disown Claims of Cure for HIV

Twelve Persons Killed As Terrorists Attack Katsina Community