The Nigerian Communications Commission’s Computer Security Incident Response Team (CSIRT) has discovered new malware that steals users’ banking app login credentials on Android devices.
According to a security advisory from the NCC CSIRT, the malware called “Xenomorph”, which targets 56 European financial institutions, has a high impact and a high vulnerability rate. The main intention of this malware is to steal credentials, combined with the use of SMS and notification interception to log in and use potential 2-factor authentication tokens.
A statement from the NCC said that Xenomorph is spread by an app that was snuck into the Google Play Store, masquerading as a legitimate app called “Fast Cleaner” which is supposed to erase junk files, boost device speed and optimize battery. In reality, this application is just a means through which the Xenomorph Trojan could spread easily and effectively.
The statement says that, to avoid early detection or being denied access to the Play Store, “Fast Cleaner” was released before the malware was placed on the remote server, making it difficult for Google to determine that such an application is used for malicious actions.
“Once operational on a victim’s device, Xenomorph can collect device and short messaging service (SMS) information, intercept notifications and new SMS messages, perform overlay attacks, and prevent users from The threat also asks for Accessibility Services privileges, which allows it to grant itself other permissions.
“CSIRT said the malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones. Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS two-factor authentication and log into victims’ accounts without alerting them.
“Xenomorph was found to target 56 online banking apps, 28 from Spain, 12 from Italy, 9 from Belgium and 7 from Portugal, as well as cryptocurrency wallets and general-purpose apps like mobile services. The Fast Cleaner app has now been removed from the Play Store, but not before garnering over 50,000 downloads,” the CSIRT security advisory asserted.
“The Nigerian Communications Commission hereby wishes to advise telecommunications consumers to be on alert so as not to fall victim to this manipulation.
Therefore, the NCC urges telecommunications consumers and other Internet users, especially those using Android devices, to use reliable anti-virus solutions and update them regularly with their latest definitions.
The Commission also implores consumers and other stakeholders to always update banking apps to their most recent versions,” the statement added.
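The capability mix the advisory describes (Accessibility Services privileges together with SMS and notification access) can be checked for on a device under review. The following Python code is an added example, not part of the NCC advisory; it assumes the values of the Android secure settings `enabled_accessibility_services` and `enabled_notification_listeners` and each app's `dumpsys package` text have already been collected, and every package name and sample value in it is constructed.

```python
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}

def packages_in_setting(value):
    """Package names from a colon-separated 'pkg/ServiceClass' secure-setting value."""
    if not value or value.strip() == "null":  # unset settings read back as "null"
        return set()
    return {c.split("/", 1)[0].strip() for c in value.split(":") if c.strip()}

def requested_permissions(dumpsys_text):
    """Permissions listed under 'requested permissions:' in dumpsys-style text."""
    perms, in_section = set(), False
    for line in dumpsys_text.splitlines():
        stripped = line.strip()
        if stripped == "requested permissions:":
            in_section = True
        elif in_section and stripped.endswith(":"):
            in_section = False  # next section header, e.g. 'install permissions:'
        elif in_section and stripped:
            perms.add(stripped.split(":")[0])  # drop suffixes like ': restricted=true'
    return perms

def triage(accessibility_value, listeners_value, dumps):
    """Return {package: [reasons]} for apps holding Accessibility plus SMS or notification access."""
    listeners = packages_in_setting(listeners_value)
    findings = {}
    for pkg in sorted(packages_in_setting(accessibility_value)):
        reasons = ["accessibility service enabled"]
        if requested_permissions(dumps.get(pkg, "")) & SMS_PERMS:
            reasons.append("requests SMS access")
        if pkg in listeners:
            reasons.append("notification listener enabled")
        if len(reasons) > 1:  # accessibility alone is common for assistive apps
            findings[pkg] = reasons
    return findings

# Constructed sample data (hypothetical package names, not indicators from the advisory).
SAMPLE_A11Y = "com.example.cleaner/.A11yService:com.example.screenreader/.ReaderService"
SAMPLE_LISTENERS = "com.example.cleaner/.NotifService"
SAMPLE_DUMPS = {
    "com.example.cleaner": "  requested permissions:\n    android.permission.INTERNET\n"
                           "    android.permission.RECEIVE_SMS: restricted=true\n"
                           "  install permissions:\n    android.permission.INTERNET: granted=true\n",
    "com.example.screenreader": "  requested permissions:\n    android.permission.INTERNET\n",
}

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_A11Y, SAMPLE_LISTENERS, SAMPLE_DUMPS).items():
        print(pkg, "->", "; ".join(reasons))
```

A flagged package is a candidate for manual review rather than a verdict, since legitimate assistive and messaging apps can hold the same combination.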