The Nigerian Communications Commission, an independent regulatory authority for the telecommunications industry in Nigeria has alerted Nigerian against software targeting users’ banking app information.
According to NCC spokesman Ikechukwu Adinde in a statement released on Sunday, the Nigerian Communications Commission has found newly-hatched malicious software that steals Android users’ banking app login information.
NCC’s Computer Security Incident Response Team discovered the virus, which uses SMS and notification interception to log in and utilize possible two-factor authentication tokens, as well as to steal passwords.
“A security advisory from the NCC CSIRT said the malicious software called ‘Xenomorph’, found to target 56 financial institutions across Europe, had a high impact and high vulnerability rate.
“Xenomorph is propagated by an application that was slipped into Google Play store and masquerading as a legitimate application called “Fast Cleaner” ostensibly meant to clear junk, increase device speed and optimize the battery. In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently.
The CSIRT said the malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones. Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them.
“In a quest to avoid early detection or being denied access to the PlayStore, ‘Fast Cleaner’ was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions. He added.
Furthermore, he explained “Once up and running on a victim’s device, Xenomorph can harvest device information and Short Messaging Service (SMS), intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it. The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.
“The Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads,” the CSIRT security advisory affirmed.
In conclusion, Mr. Adinde said that the commission had advised telecom consumers to be on alert in order not to fall of this manipulation.
He urged telecom consumers and other Internet users, particularly those using Android-powered devices, to use trusted Antivirus solutions and update them regularly to their latest definitions.