New malware has targeted 56 financial institutions in Europe
By Jeph Ajobaju, Chief Copy Editor
A new malicious software called Xenomorph roams cyberspace and steals banking app login details on Android devices, the Nigerian Communications Commission (NCC) has alerted the public.
The NCC said its Computer Security Incident Response Team (CSIRT) found Xenomorph has targeted 56 financial institutions in Europe with high impact and high vulnerability rate.
The main intent is to steal personal data, combined with the use of SMS and notification interception to login and use potential 2-factor authentication tokens.
“Xenomorph is propagated by an application that was slipped into Google Play store and masquerading as a legitimate application called ‘Fast Cleaner’ ostensibly meant to clear junk, increase device speed and optimise battery.
“In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently,” NCC Public Affairs Director Ikechukwu Adinde explained in a statement published on the NCC website.
“To avoid early detection or being denied access to the PlayStore, ‘Fast Cleaner’ was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions.
‘’Once up and running on a victim’s device, Xenomorph can harvest device information and Short Messaging Service (SMS), intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it.
“The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.’’
__________________________________________________________________
Related articles:
Global media outlets working to unravel Pegasus spyware network
Google alerts 2.65b Chrome users about hacking. Apple scrambles to block iPhone spyware
Nigeria spies on citizens with Israeli tech
Buhari intensifies spying on Nigerians
______________________________________________________________
Xenomorph targets
The malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones.
It can also intercept messages and notifications, allows its operators to bypass SMS-based two-factor authentication and log into victims’ accounts without alerting them, the statement warned, as reported by Nairametrics.
“Xenomorph has been found to target 56 internet banking apps, 28 from Spain, 12 from Italy, 9 from Belgium, and 7 from Portugal, as well as Cryptocurrency wallets and general-purpose applications like emailing services.
‘’The Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads.’’
Advice to Android phone and internet users
In the latest warning, the NCC urged telecom consumers and other stakeholders
- To be on alert not to fall victim to this manipulation.
- Particularly Android-powered device users to use trusted antivirus solutions and update them regularly to their latest definitions.
- To always update banking applications to their most recent versions.
Warnings earlier this year
The NCC had warned in January that
- A cybercrime group has perfected a New Year scheme to deliver ransomware to targeted organisational networks.
- TangleBot, a new high-risk, critical and SMS-based malware infects Android mobile devices.
- TangleBot employs more or less similar tactics as the FlutBot SMS Android malware that targets mobile devices.
- TangleBot equally gains control of a device but in far more invasive manner than FlutBot.