According to NCC spokesperson Ikechukwu Adinde, the Nigerian Communications Commission has found a new and dangerous strain of malware that steals users’ banking app login information on Android devices.
The virus, which was discovered by the NCC’s Computer Security Incident Response Team, steals credentials and intercepts SMS messages and notifications so that it can log in and use any two-factor authentication tokens.
“A security advisory from the NCC CSIRT said the malicious software called ‘Xenomorph’, found to target 56 financial institutions across Europe, had a high impact and high vulnerability rate.
“Xenomorph is propagated by an application that was slipped into the Google Play Store, masquerading as a legitimate application called ‘Fast Cleaner’ ostensibly meant to clear junk, increase device speed and optimise the battery.
“Fast Cleaner was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions.
“This is to avoid early detection or being denied access to the Play Store,” he said.
He further explained that once up and running on a victim’s device, Xenomorph can harvest device information and SMS, intercept notifications and new SMS, perform overlay attacks and prevent users from uninstalling it.
“The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.
“The Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads,” he said.
Mr Adinde said that the commission had advised telecom consumers to be on alert so as not to fall victim to this manipulation.
He urged telecom consumers and other Internet users, particularly those using Android-powered devices, to use trusted antivirus solutions and update them regularly to their latest definitions.
(NAN)