NCC warns Nigerians of malware stealing banking app details

165

The Nigerian Communications Commission’s (NCC) Computer Security Incident Response Team (CSIRT)  has warned Nigerians about newly discovered malicious software that steals Android users’ banking app login credentials.

According to the commission, the malicious software known as ‘Xenomorph,’ which has been discovered to target 56 European financial institutions, has a high impact and a high vulnerability rate.

It went on to say that the main goal of this malware was to steal credentials, which it accomplished through the use of SMS and notification interception to log in and potentially steal two-factor authentication tokens.

In a statement, NCC said, “Xenomorph is propagated by an application that was slipped into Google Play store and masquerading as a legitimate application called ‘Fast Cleaner’ ostensibly meant to clear junk, increase device speed and optimise battery.

“In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently. To avoid early detection or being denied access to the PlayStore, ‘Fast Cleaner’ was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions.

“Once up and running on a victim’s device, Xenomorph can harvest device information and Short Messaging Service, intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it. The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.”

According to the commission’s CSIRT, the malware stole victims’ banking credentials by overlaying fake login pages on top of legitimate ones and since it could intercept messages and notifications, it allowed its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them.

According to the CSIRT security advisory, Xenomorph has been discovered to target 56 internet banking apps, including 28 from Spain, 12 from Italy, 9 from Belgium, and 7 from Portugal, as well as cryptocurrency wallets and general-purpose applications such as emailing services.

According to the NCC, despite the fact that the Fast Cleaner app was removed from the Play Store, it received over 50,000 downloads.