Category: Worms

  • A Trojan horse for Android devices called Xenomorph has the ability to compromise over 56 different financial apps.

    ThreatFabric, an online fraud detection business, recently disclosed that over 50,000 Android users have installed a Trojan that is capable of targeting over fifty-six banking apps.

    The Xenomorph, an alien species, inspired the name of this malware. At the moment, it only offers a few possibilities. However, the trojan appears to be in its early stages of development. It is reasonable to assume that the next version will be more capable.

    According to ThreatFabric, the fact that this malware continues to request repeated logins may indicate that it is not yet ready. The malware could have been created by the individuals responsible for the initial alien species, or it could have been created by someone who knows which code was used in the original version.

    The malware reaches a device when the user installs a rogue app from the Google Play Store for Android. Recently, an app called Fast Cleaner, which purported to speed up a smartphone, was discovered to be controlled by a trojan and was effectively used to target over 50,000 consumers.

     



    After infiltrating the system, the Xenomorph is able to extract all personal data, including text messages. It is even capable of preventing the victim from uninstalling the application. This is a simple method for malware to take control of the system.

    The software can even steal banking information by displaying a counterfeit login window. With access to a user’s text messages, the malware can get into other apps without being stopped by two-factor authentication.

    It operates by routing downloaded overlays for various financial applications to its command and control centre. This centre provides the user with a bogus log-in page that collects the user’s information.

     



    According to ThreatFabric, the virus exchanges only the overlay with its command and control centre, not the logged data. The trojan has thus far targeted applications from a variety of nations, including Spain, Italy, and Belgium.

    Additionally, ThreatFabric stated that the malware has a great deal of potential to evolve into a more dangerous form. Future versions of this malware may be capable of stealing further data.

  • Security alert: NCC warns against software that steals banking app data

    The Nigerian Communications Commission, an independent regulatory authority for the telecommunications industry in Nigeria, has alerted Nigerians to software targeting users’ banking app information.

    According to NCC spokesman Ikechukwu Adinde in a statement released on Sunday, the Nigerian Communications Commission has found newly-hatched malicious software that steals Android users’ banking app login information.

    NCC’s Computer Security Incident Response Team discovered the virus, which uses SMS and notification interception to log in and utilize possible two-factor authentication tokens, as well as to steal passwords.

    A security advisory from the NCC CSIRT said the malicious software called ‘Xenomorph’, found to target 56 financial institutions across Europe, had a high impact and high vulnerability rate.

    “Xenomorph is propagated by an application that was slipped into Google Play store and masquerades as a legitimate application called ‘Fast Cleaner’, ostensibly meant to clear junk, increase device speed and optimize the battery. In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently.”

    The CSIRT said the malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones. Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them.

    “In a quest to avoid early detection or being denied access to the PlayStore, ‘Fast Cleaner’ was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions,” he added.

    Furthermore, he explained, “Once up and running on a victim’s device, Xenomorph can harvest device information and Short Messaging Service (SMS), intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it. The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.”

    “The Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads,” the CSIRT security advisory affirmed.

    In conclusion, Mr. Adinde said that the commission had advised telecom consumers to be on alert in order not to fall victim to this manipulation.

    He urged telecom consumers and other Internet users, particularly those using Android-powered devices, to use trusted antivirus solutions and update them regularly to their latest definitions.
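
    The capability mix described in the two Xenomorph reports above (SMS access, notification interception and an Accessibility Service in one app) can be checked for when vetting an APK. The following is an added example, not code from the NCC CSIRT advisory or ThreatFabric; it assumes the manifest has already been decoded to text XML, and the package names and capability labels are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
# Services protected by these bind permissions are accessibility / notification listeners.
BOUND = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility_service",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification_listener",
}

def capabilities(manifest_xml):
    """Return the advisory-relevant capabilities a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for perm in root.iter("uses-permission"):
        if perm.get(ANDROID + "name") in SMS_PERMS:
            found.add("sms_access")
    for svc in root.iter("service"):
        label = BOUND.get(svc.get(ANDROID + "permission"))
        if label:
            found.add(label)
    return found

def triage(manifest_xml):
    """Flag an accessibility service paired with message interception."""
    caps = capabilities(manifest_xml)
    # Accessibility alone is normal for assistive apps; the pairing with
    # SMS or notification access is what matches the reported behaviour.
    if "accessibility_service" in caps and caps & {"sms_access", "notification_listener"}:
        return "review", sorted(caps)
    return "ok", sorted(caps)

# Constructed sample manifests (not taken from any real app).
UTILITY = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.cleaner">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".A11y" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".Notif" android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
READER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.reader">
  <application>
    <service android:name=".Speak" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("utility", UTILITY), ("reader", READER)):
        print(name, triage(xml))
```

    A "review" result is a prompt for manual analysis, not a verdict: a utility such as a cleaner has no functional need for this combination, while some legitimate apps do.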

  • Cybercrime in Nigeria: Increasingly Sophisticated Crimes Part 2

    This is the second part of the Cybercrime in Nigeria series. 

    Read: Cybercrime Typology in Nigeria: A Sign of Industrialisation (Part 1)

    Nigerian crime is now moving away from pedestrian fraud-related crime that requires little or no technical skill. According to Statista, the country has the 8th internet penetration rate, with 49 per cent of the country having an internet connection. The Nigerian Communications Commission has stated the country had over 114 million active internet subscriptions in December 2019. Technological penetration and increasing skills have raised the technical ability of users to conduct much more sophisticated and complex attacks.

    Cybercriminals from Nigeria have demonstrated significant competencies both locally and internationally. Many Nigerian government websites and much information technology infrastructure have been hacked. Corporate organisations are not spared, as Aero Contractors experienced in 2019. Two Nigerians living in Dagenham (U.K.) were recently sentenced for hacking into 700 banks and cell phone accounts. The Lekoil fraud scandal is perceived to involve the international Nigerian cybercrime syndicate. Despite the absence of proof, it is not beyond the capacity of Nigerian cybercriminals.

    It is generally acknowledged that no skill required for any particular cybercrime is unavailable among Nigerians. For example, Palo Alto Networks named the Nigerian cybercrime group SilverTerrier.

    This group was accused of hacking, malware distribution, and Business Email Compromise (BEC). One official of the Nigerian Federal Ministry of Justice noted that Nigerians were now creating viruses and botnets powerful enough to infiltrate any organisation.

    Recognition that major Nigerian higher institutions are where these crimes are committed demonstrates that perpetrators are educated, technologically competent, and have the resources to launch sophisticated cyberattacks. One example is the hacking of the Independent Nigerian Electoral Commission (INEC) in the 2015 national election. The Nigerian state is preparing for cyber warfare by training service officers.

    In fact, we are witnessing the gradual evolution of cybercrime in Nigeria. It is becoming significant and sophisticated through advanced deployment. A further dimension of this sophistication is its direct focus on specific industries. The Nigerian hacking group named Gold Galleon has been associated with targeting the global maritime shipping industry. Other Nigerian hacking teams include “London Blue”, which targets chief financial officers (CFOs). Other groups include the Nigerian Cyber Army and the Nigerian Hackers Team (NIHAT). The Nigerian cyber attackers develop their enterprise with increasing skills to hit local and foreign targets.

    Migration and Cybercrime in Nigeria

    Migration has played a significant role in improving the skills and competence of Nigerian cybercriminals. One convicted criminal has noted that there are now dedicated forums in which knowledge transfer occurs between Nigerians abroad and those that remain in the country. Hacking, for example, was one of the offences levelled against the Bonaventure Chukwuka-led group arrested and sentenced in London on the 2nd of May, 2019. In India, a cybercrime group consisting of three Nigerians involved in hacking bank accounts and creating fake web pages was arrested in June 2019.

    Many Nigerians residing abroad use their skills to expand their crimes. Moreover, many of these foreign-based perpetrators occasionally visit Nigeria to train or mentor locally based proteges to improve their skills and performance. This social arrangement has contributed to the overall sophistication of cybercrime in Nigeria.

    Evidence has also established the sophistication of cybercrime in Nigeria. Technological competency has stimulated high-level crime that was previously deemed impossible. The skills deployed suggest that technological penetration has contributed to the rate of perpetration. The most established modes include malware, hacking, viruses, and botnets. Targets include specific industries or individuals, which is another area of sophistication that emanates from the industry.

    Dr Pelumi Apantaku explores the changes in the type of crime as witnessed in established cases worldwide. This is a four-part series that provides an elaborate insight into cybercrime in Nigeria. 

  • Cyberattacks Ravage European Oil Companies

    Major European oil transport and storage companies are battling cyber-attacks. Companies including Evos (Netherlands), SEA-Invest (Belgium), and Oiltanking (Germany) are witnessing the disruption of their IT infrastructure. These attacks are having a global effect, with about a dozen terminals being affected. The affected companies confirmed their occurrence in the last few days.

    According to Oxford Dictionaries, cyber-attacks are “the act of trying to damage or destroy a computer network, computer system or website by secretly changing information on it without permission”.

    Although the severity of this attack is yet to be determined, analysts in the industry asserted that the three companies were significantly affected by disruption and total collapse of their IT systems. A spokeswoman for SEA-Invest affirmed the incident and said it affected every port of the company in Africa and Europe.

    A Typical Port (source: SEA-Invest)

    While Belgian prosecutors have started an investigation, there is no confirmation of such moves in Africa. The company is present in Senegal, South Africa and Ivory Coast. There has been no official statement from the three African countries about the attack and the depth of impact on the ports. Despite the attack, liquid transportation remains operational while the company seeks to restore its backup IT system.

    Ransomware is a “type of software that is designed to block access to a computer system until a sum of money is paid”.

    On the other hand, Evos has confirmed that Malta, Ghent, and Terneuzen are the ports affected. As of press time, no conclusion has been reached concerning the source of this attack.

    Cyberattacks in the Oil and Gas Industry

    The energy sector has been a victim of cyberattacks. In 2017, the NotPetya attack (Ukraine) resulted in the shutdown of almost the country’s entire power grid. This is not the first time that oil installations have been attacked. In May 2021, U.S. oil supplier Colonial Pipeline experienced supply problems due to a ransomware attack. This limited capacity across the U.S. and resulted in an emergency.

     

    Cyberattacks on energy firms might impact different aspects such as confidentiality, integrity, and availability. They can even endanger the lives of workers. Ahmed Bakr, a Saudi Arabian senior cybersecurity officer (CSO), stated that “Oil and gas companies are targets of cybercriminals. We all are. Their attacks are intended to target a company’s systems and inflict damage by compromising the availability, integrity, and confidentiality of data for example.” The companies are exposed to large-scale threats because of the transnational nature of the players. The threat can even come from activists, who may be environmental groups.

    Research conducted by the U.S. research institute Ponemon in 2017 discovered that 68 percent of U.S. oil and gas companies had experienced a form of cyber attack resulting in loss of confidential information or operational disruption. This further attests to Norway’s experience of 50 oil and energy companies being infected with a Trojan virus. The Council on Foreign Relations (CFR) cited the energy sector as the most vulnerable industry to cyber-attacks. Hence the need for the energy sector to focus on cyber resilience.