Sponsored
ICT

NCC Discovers Software Which Steals Users Banking Details

Sponsored
Sponsored

The Nigerian Communications Commission’s Computer Security Incident Response Team (CSIRT) has discovered a newly-hatched malicious software that steals users’ banking app login credentials on Android devices.

According to a security advisory from the NCC CSIRT, the malicious software called “Xenomorph”, found to target 56 financial institutions from Europe, has high impact and high vulnerability rate.


NCC, in an advisory issued on Sunday to notify Nigerians of the dangerous software, said the main intent of Xenomorph was to steal credentials, combined with the use of SMS and notification interception to log in and use potential two-factor authentication tokens.


“Xenomorph is propagated by an application that was slipped into Google Play store and masquerading as a legitimate application called ‘Fast Cleaner’ ostensibly meant to clear junk, increase device speed and optimise battery. In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently”, NCC’s spokesman, Ikechukwu Adinde, said in the advisory.


To avoid early detection or being denied access to the PlayStore, “Fast Cleaner” was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions”, Adinde added.


Once up and running on a victim’s device, the NCC said Xenomorph could  harvest device information and Short Messaging Service (SMS), intercept notifications and new SMS messages, perform overlay attacks and prevent users from uninstalling it.


The threat also asks for Accessibility Services privileges which allow it to grant itself further permissions, according to the NCC.


The NCC further said the malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones.


Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them, NCC further said.


“Xenomorph has been found to target 56 internet banking apps, 28 from Spain, 12 from Italy, 9 from Belgium, and 7 from Portugal, as well as Cryptocurrency wallets and general-purpose applications like emailing services. The Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads,” the CSIRT security advisory asserted.


Accordingly, the NCC urges telecom consumers and other Internet users, particularly those using Android-powered devices to use trusted Antivirus solutions and update them regularly to their latest definitions. The commission also implore consumers and other stakeholders to always update banking applications to their most recent versions.

Sponsored
Alinnor Arinze

Recent Posts

Comrade Dauda Joins Residents As Ikeja Hosts Celebrity Boxing Promotion

The Executive Chairman of Ikeja Local Government, Comrade Akeem Olalekan Dauda (AKOD), on Wednesday joined…

59 minutes ago

Buruj Academy Duo Raheem & Fawas Set For Italy, UK, Netherlands Tour

Golden Eaglets stars, Raheem Moyinoluwa Salaudeen and Fawas Ayomide Adeleke, are set to resume preparations…

2 hours ago

BOI & NBCC Sign MoU To Deepen Bilateral Trade, Industrial Growth And Investment

The Bank of Industry (BoI), Nigeria's foremost Development Finance Institution (DFI), has signed a landmark…

2 hours ago

United Nigeria Airlines’ Unity Rewards, Boulevard Hotels Partner To Offer 25% Discount & Flexible Check-In

United Nigeria Airlines has announced a new partnership between its loyalty programme, Unity Rewards and…

3 hours ago

2027: Yoruba Leader Urges Tinubu to Pick Hausa/Fulani Running Mate, Zone Senate Presidency to South-East

A prominent Yoruba leader and public affairs commentator, Dr. Oyedele Oyewumi, has called on President…

4 hours ago

Renewed Hope Arrives Oyo With N1.37tn Roads Projects (4)

BY FEMI AREMU  The approval of eight major federal road projects worth a combined N1.1375…

6 hours ago
Sponsored