The Nigerian Communications Commission (NCC) Computer Security Incident Response Team (CSIRT) has discovered a newly-hatched malicious software that steals users’ banking app login credentials on Android devices.
According to a security advisory from the NCC CSIRT, the malicious software called “Xenomorph”, found to target 56 financial institutions from Europe, has high impact and high vulnerability rate.
A statement issued on Sunday by NCC Director of Public Affairs, Dr. Ikechukwu Adinde, said the main intent of the malware is to steal credentials, combined with the use of SMS and Notification interception to log-in and use potential 2-factor authentication tokens.
Xenomorph is propagated by an application that was slipped into Google Play store and masquerading as a legitimate application called “Fast Cleaner” ostensibly meant to clear junk, increase device speed and optimize battery. In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently, the commission said.
To avoid early detection or being denied access to the PlayStore, “Fast Cleaner” was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions, the NCC said.
“Once up and running on a victim’s device, Xenomorph can harvest device information and Short Messaging Service (SMS), intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it. The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions,” the statement added.
Get the latest in African news delivered straight to your inbox
By submitting above, you agree to our privacy policy.
Almost finished…
We need to confirm your email address.
To complete the process, please follow the instructions in the email we just sent you.
There was a problem processing your submission. Please try again later.
The CSIRT said the malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones. Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them.
“Xenomorph has been found to target 56 internet banking apps, 28 from Spain, 12 from Italy, 9 from Belgium, and 7 from Portugal, as well as Cryptocurrency wallets and general-purpose applications like emailing services.
“The Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads,” the CSIRT security advisory asserted.
The NCC therefore advised telecom consumers to be on alert in order not to fall victim to this manipulation.
Accordingly, the commission urged telecom consumers and other Internet users, particularly those using Android-powered devices to use trusted Antivirus solutions and update them regularly to their latest definitions.
The Commission also implored consumers and other stakeholders to always update banking applications to their most recent versions.
Read the original article on Leadership.
AllAfrica publishes around 600 reports a day from more than 100 news organizations and over 500 other institutions and individuals, representing a diversity of positions on every topic. We publish news and views ranging from vigorous opponents of governments to government publications and spokespersons. Publishers named above each report are responsible for their own content, which AllAfrica does not have the legal right to edit or correct.
Articles and commentaries that identify allAfrica.com as the publisher are produced or commissioned by AllAfrica. To address comments or complaints, please Contact us.
AllAfrica is a voice of, by and about Africa – aggregating, producing and distributing 600 news and information items daily from over 100 African news organizations and our own reporters to an African and global public. We operate from Cape Town, Dakar, Abuja, Johannesburg, Nairobi and Washington DC.
Get the latest in African news delivered straight to your inbox
By submitting above, you agree to our privacy policy.
Almost finished…
We need to confirm your email address.
To complete the process, please follow the instructions in the email we just sent you.
There was a problem processing your submission. Please try again later.
