24.2 C
Thursday, December 7, 2023

NCC discovers software that steals user’s banking login information

The Security advisory from the NCC CSIRT has discovered a malicious software called Xenomorph, found to target 56 financial institutions from Europe. The software is said to have a high impact and high vulnerability rate. 

In an advisory released on Sunday to warn Nigerians about the harmful malware, the NCC stated that the main goal of Xenomorph was to steal credentials and exploit SMS and notification interception to log in and use possible two-factor authentication tokens. 

“Xenomorph is propagated by an application that was slipped into Google Play store and masquerading as a legitimate application called ‘Fast Cleaner’ ostensibly meant to clear junk, increase device speed and optimise the battery. In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently.” NCC’s spokesman, Ikechukwu Adinde, said in the advisory.  

“To avoid early detection or being denied access to the PlayStore, “Fast Cleaner” was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions” 

Once up and running on a victim’s device, the NCC said Xenomorph could harvest device information and Short Messaging Service (SMS), intercept notifications and new SMS messages, perform overlay attacks and prevent users from uninstalling it. 

The threat also asks for Accessibility Services privileges which allow it to grant itself further permissions, according to the NCC. 

The NCC further said the malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones. 

Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them, NCC further said. 

“Xenomorph has been found to target 56 internet banking apps, 28 from Spain, 12 from Italy, 9 from Belgium, and 7 from Portugal, as well as Cryptocurrency wallets and general-purpose applications like email services. The Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads,” the CSIRT security advisory asserted. 

Accordingly, the NCC urges telecom consumers and other Internet users, particularly those using Android-powered devices to use trusted Antivirus solutions and update them regularly to their latest definitions. The commission also implores consumers and other stakeholders to always update banking applications to their most recent versions. 

 Source: Daily Trust 



I’ll Support Tinubu on Nigeria’s Economic Growth, Security – Biden

President Joe Biden of the United States has vowed...

Anambra State Government Takes Initiatives to Digitalize Its Services

To better serve its citizens, the Anambra State government...

Nigeria Records 55 Million Malaria Cases Annually – FG

The Federal Government said an estimated 55 million cases...

FG Grants Nigerian Citizenship to 385 Foreigners

The Federal Executive Council (FEC) approved the granting of...

What Makes Tinubu Different From Buhari – Fashola

Minister of Works and Housing, Babatunde Fashola has revealed...