Banking

NCC warns against banking app-targeting malware, Xenomorph

The Computer Security Incident Response Team (CSIRT) of the Nigerian Communications Commission (NCC) has discovered a newly-hatched malicious software, Xenomorph, that steals users’ banking app login credentials on Android devices.

NCC’s Director of Public Affairs (DPA), Dr. Ikechukwu Adinde, disclosed this in a statement on Sunday, in Abuja.

Adinde explained that the main intent of this malware was to steal credentials, combined with the use of SMS and notification interception to log in and use potential two-factor authentication tokens.

He said, according to a security advisory from the NCC CSIRT, the malicious software called “Xenomorph”, found to target 56 financial institutions across Europe, had high impact and high vulnerability rate.

“Xenomorph is propagated by an application that was slipped into Google Play store and masquerading as a legitimate application called “Fast Cleaner” ostensibly meant to clear junk, increase device speed and optimise battery.

“In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently.

“Fast Cleaner was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions.

“This is to avoid early detection or being denied access to the Playstore,” he said.

READ ALSO: Facebook bans Russian media from running adverts, monetising

He further explained that once up and running on a victim’s device, Xenomorph can harvest device information and SMS, intercept notifications and new SMS, perform overlay attacks and prevent users from uninstalling it.

“The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.

“The CSIRT said the malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones.

“Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them.

“The Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads,” he said.

The DPA said that the commission had advised telecom consumers to be on alert in order not to fall victims of this manipulation.

READ ALSO:  Hacker arrested for stealing $40,000 from Neymar’s account

He urged telecom consumers and other Internet users, particularly those using Android-powered devices, to use trusted Antivirus solutions and update them regularly to their latest definitions.

He also implored consumers and other stakeholders to always update banking applications to their most recent versions.

Xenomorph has been found to target 28 banking apps from Spain, 12 from Italy, 9 from Belgium, and 7 from Portugal.

Cryptocurrency wallets and general-purpose applications like emailing services are also some of the target.

The Star

Editor

Recent Posts

Israel-Hezbollah ceasefire begins after 14-month war

Israel and Lebanon-based Hezbollah militants began a ceasefire on Wednesday, November 27, 2024, in a…

9 mins ago

Gunmen kidnap 3 at Innoson showroom in Anambra

Gunmen suspected to be kidnappers have abducted no fewer than three persons at the Innoson…

23 mins ago

Yahaya Bello calms supporters as judge walks out over crowd in courtroom

Former Kogi State Governor, Yahaya Bello, on Wednesday, November 27, 2024, took over crowd control…

43 mins ago

Yahaya Bello pleads not guilty to N110bn fraud charges

The immediate past governor of Kogi State, Yahaya Bello, has pleaded not guilty to the…

60 mins ago

98 PAP delegates complete maritime-related skills training

98 maritime delegates sponsored by the Presidential Amnesty Programme (PAP) for a boot camp and…

3 hours ago

Man jailed for using friend’s certificate for employment at Ministry of Health

A man, Martins Ugwu, has been sentenced to four years imprisonment for impersonating and using…

5 hours ago

This website uses cookies.