Category: Antivirus

  • The NCC CSIRT Discovers Malware That Targets Banking Applications


    Software that steals Android users’ banking app login information has been discovered by the Nigerian Communications Commission’s Computer Security Incident Response Team (CSIRT).


    According to a security advisory from the NCC CSIRT, the malicious software known as “Xenomorph” has a high impact and a high vulnerability rate. It was discovered to target 56 financial institutions in Europe. Its primary objective is to steal passwords and, by intercepting SMS messages and notifications, to log in and use potential two-factor authentication tokens. Xenomorph is spread via an app that was slipped into the Google Play store, masquerading as a legitimate application called “Fast Cleaner,” which is ostensibly intended to clean junk, boost device speed, and maximize battery life. In reality, this app is just a way to spread the Xenomorph Trojan quickly and easily.



    “Fast Cleaner” was distributed before the malware was placed on the remote server. This made it hard for Google to determine that the app was being used for malicious purposes.
    Once installed on a victim’s device, Xenomorph can capture device and Short Messaging Service (SMS) information, intercept notifications and new SMS messages, conduct overlay attacks, and prevent users from uninstalling it. Additionally, the threat requests Accessibility Services privileges, which enable it to grant itself additional permissions.


    Additionally, the CSIRT stated that the malware takes victims’ banking information by superimposing fake login pages on top of legitimate ones.

  • A Trojan horse for Android devices called Xenomorph has the ability to compromise over 56 different financial apps.


    ThreatFabric, an online fraud detection business, recently disclosed that over 50,000 Android users have installed a Trojan that is capable of targeting over fifty-six banking apps.

    The Xenomorph, an alien species, inspired the name of this malware. At the moment, it offers only a limited set of capabilities. However, the trojan appears to be in an early stage of development, and it is reasonable to assume that the next version will be more capable.

    According to ThreatFabric, the fact that this malware continues to request repeated logins may indicate that it is not yet ready. The malware could have been created by the individuals responsible for the initial alien species, or it could have been created by someone who knows which code was used in the original version.

    The malware reaches a device through rogue apps installed from the Google Play Store for Android. Recently, an app called Fast Cleaner, which purported to speed up a smartphone, was discovered to be a carrier for the trojan and was used to target over 50,000 consumers.

     




    After infiltrating the system, the Xenomorph is able to extract all personal data, including text messages. It is even capable of preventing the victim from uninstalling the application. This is a simple method for malware to take control of the system.

    The software can even steal banking information by displaying a counterfeit login window. With access to a user’s text messages, the malware can get into other apps without being stopped by two-factor authentication.

    It operates by routing downloaded overlays for various financial applications to its command and control centre. This centre provides the user with a bogus log-in page that collects the user’s information.

     




    According to ThreatFabric, the malware exchanges only the overlay with its command and control centre, not the logged data. The trojan has thus far targeted applications from a variety of nations, including Spain, Italy, and Belgium.

    Additionally, ThreatFabric stated that the malware has a great deal of potential to evolve into a more dangerous form. Future versions of this malware may be capable of stealing further data.

  • Security alert: NCC warns against software that steals banking app data


    The Nigerian Communications Commission, an independent regulatory authority for the telecommunications industry in Nigeria, has alerted Nigerians to software targeting users’ banking app information.

    According to NCC spokesman Ikechukwu Adinde in a statement released on Sunday, the Nigerian Communications Commission has found newly-hatched malicious software that steals Android users’ banking app login information.

    NCC’s Computer Security Incident Response Team discovered the virus, which uses SMS and notification interception to log in and utilize possible two-factor authentication tokens, as well as to steal passwords.

    “A security advisory from the NCC CSIRT said the malicious software called ‘Xenomorph’, found to target 56 financial institutions across Europe, had a high impact and high vulnerability rate.

    “Xenomorph is propagated by an application that was slipped into Google Play store and masquerading as a legitimate application called ‘Fast Cleaner’ ostensibly meant to clear junk, increase device speed and optimize the battery. In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently.

    The CSIRT said the malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones. Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them.

    “In a quest to avoid early detection or being denied access to the PlayStore, ‘Fast Cleaner’ was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions,” he added.

    Furthermore, he explained, “Once up and running on a victim’s device, Xenomorph can harvest device information and Short Messaging Service (SMS), intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it. The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.”

    “The Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads,” the CSIRT security advisory affirmed.

    In conclusion, Mr. Adinde said that the commission had advised telecom consumers to be on alert in order not to fall victim to this manipulation.

    He urged telecom consumers and other Internet users, particularly those using Android-powered devices, to use trusted antivirus solutions and update them regularly to their latest definitions.

  • The deadly cyber Russia-Ukraine war


    As reactions trail the invasion of Ukraine by Russia, the technological dimension continues to emerge by the day. Cyberspace has become another platform for this war. Both countries continue to experience diverse adversarial attacks and their consequences, technologically and within their respective cyber ecosystems.

    As reported earlier this week by Techpression, the Russians have been accused of attacking the financial services and various government websites of Ukraine. These attacks serve as the first cyber-offensive in this war. Also, some parts of the second-largest city in Ukraine, Kharkiv, witnessed internet disruption on Thursday. NetBlocks, an internet tracking advocacy group, reported that about 25 per cent of Kharkiv’s 1.8 million residents and the surrounding region experienced this outage.


    On the other hand, many physical attacks have targeted various infrastructures in Ukraine that will disrupt the internet. Power grids, cell towers, and other telecommunication infrastructure are casualties of bombings and armed fights, further decimating Ukraine’s cyberspace. 


    On the other hand, Russia has also been a victim of cyber-related attacks since this war began. It was reported that ISPs in Russia are experiencing disruption. Anonymous, a cyber activist group, reported that numerous ISPs had been brought down. Although the credit is not attributed to the Ukrainian government, it appears to be a retaliatory move by members of this group. A quick check of the four reported ISPs showed that only relcom.ru had been fully restored, with the remaining three still down.


    Despite this impact on Russia, Ukraine has been the more affected. ISPs in Ukraine, such as Triolan, are experiencing partial outages, with websites going down due to the numerous cyber-attacks. Hence, this war is not all about mortars and guns or any other kinetic approach. It encompasses the internet, a significant aspect that must not be ignored.

    Different Approaches

    Each country understands the role of cyberspace in this warfare, hence their recognition and support for its deployment in their offensives. The government of Ukraine has approached its cyber offensive in an uncoordinated manner. To secure critical infrastructure and perform cyber-surveillance missions against Russian forces, the Ukrainian government is reportedly looking for volunteers from the country’s hacker underground.

    Hackers and cybersecurity experts have been urged to submit their applications through online forms. Co-founder of a cybersecurity firm in Kyiv, Yegor Aushev, told Reuters that an official requested the appointment from Ukraine’s military on Thursday. Aushev’s company, Cyber Unit Technologies, is well recognised for collaborating with the government to defend critical infrastructure. The volunteers will be divided into two units: defensive and offensive. The offensive unit will concentrate on conducting cyber espionage activity against the Russians.


    On the other hand, the Russian approach is more coordinated and demonstrates long-term cyber capability development. The Russian military was modernised, and cyber techniques were incorporated following Russia’s 2008 retreat from Georgia. Ever since, state-sanctioned cyberattacks have dominated Russia’s military strategy. Typically, these attacks are orchestrated by the GRU, Russia’s Main Intelligence Directorate. Customised malware (malicious software) is commonly used to attack a targeted nation’s infrastructure and systems.


    A clear demonstration of this impact was the discovery of a new data wiper malware, which has infected hundreds of machines. Russia was accused of this attack. However, Russian officials have denied responsibility for these attacks. Likewise, Russia’s embassy in Canberra has denied any role in the most recent strikes on Ukraine.
