The Nigerian Communications Commission’s Computer Security Incident Response Team has uncovered a new malicious software.
NCC has warned Nigerians of malware stealing users’ banking app login credentials on Android devices.
According to the commission, the malware called ‘Xenomorph’ has a high impact and high vulnerability rate and has been found to target 56 financial institutions from Europe.
It added that the main intent of this malware was to steal credentials, combined with the use of SMS notification interception to log in and potential two-factor authentication tokens.
The NCC in a statement said, “Xenomorph is propagated by an application that was slipped into Google Play store and masquerading as a legitimate application called ‘Fast Cleaner’ ostensibly meant to clear junk, increase device speed and optimise the battery.
“In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently. To avoid early detection or being denied access to the PlayStore, ‘Fast Cleaner’ was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions.
“Once up and running on a victim’s device, Xenomorph can harvest device information and Short Messaging Service, intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it. The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.”
