NCC raises alarm over software  stealing banking app login details


The Nigerian Communications Commission (NCC) has alerted the Nigerian public to a newly discovered malicious software that steals users’ banking app login credentials on Android devices.

The commission said that its Computer Security Incident Response Team (CSIRT), in security advice said that the malicious software called, Xenomorph, has been found to target 56 financial institutions from Europe as well as has high impact and high vulnerability rate.

It stated that the main intent of this malware is to steal credentials, combined with the use of SMS and Notification interception to log-in and use potential 2-factor authentication tokens.

Internet World Stats, Nigerian Communications Commission remittance, Network operators in Nigeria, Telecoms companies in Nigeria, MTN Nigeria, Airtel Africa, Globacom data, 9mobile court case, Top 10 states in Nigeria with the highest Internet subscribers , Telecommunications: The bright spot in a fragile economy, Telcos add 5.64 million voice and data subscribers in Q3 2019 – NBS , Alleged N200bn Debt: EFCC, DSS to probe telcos, Network glitch, as poor internet speed continues to impede banking services, Telecoms record 725% increase in foreign capital investment, as GDP contribution hits N6 trillion, Coronavirus: Instant messaging platforms, Telcos raking in funds from the work-from-home policy, Telecoms: Bright spot amidst the gloom, Nigerians lambast MTN, Airtel for offering free SMS, ignoring request for free data, airtime

This disclosure is contained in a press statement issued by the commission and signed by its Director, Public Affairs, Dr Ikechukwu Adinde, as can be seen on its website.

NCC in its statement said, ‘’Xenomorph is propagated by an application that was slipped into Google Play store and masquerading as a legitimate application called “Fast Cleaner” ostensibly meant to clear junk, increase device speed and optimize battery. In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently.

‘’To avoid early detection or being denied access to the PlayStore, “Fast Cleaner” was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions.

‘’Once up and running on a victim’s device, Xenomorph can harvest device information and Short Messaging Service (SMS), intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it. The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.’’

The commission’s CSIRT stated that the malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones, noting that since it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them.

It states, “Xenomorph has been found to target 56 internet banking apps, 28 from Spain, 12 from Italy, 9 from Belgium, and 7 from Portugal, as well as Cryptocurrency wallets and general-purpose applications like emailing services.

‘’The Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads.’’

The NCC in its advisory message urged telecom consumers to be on alert in order not to fall victim to this manipulation. It asked telecom consumers and other Internet users, particularly those using Android-powered devices to use trusted Antivirus solutions and update them regularly to their latest definitions.

The Commission also implore consumers and other stakeholders to always update banking applications to their most recent versions.

Recall that in January, the NCC warned the public against a new high-risk, critical and Short Messaging Service-based malware, TangleBot, infecting Android mobile devices.

The TangleBot was said to have employed more or less similar tactics as the recently-announced notorious FlutBot SMS Android malware that targets mobile devices, adding that it equally gains control of the device but in far more invasive manner than the FlutBot malware.

Also 2 weeks earlier, the commission warned members of the public against the activities of a cybercrime group that has perfected a New Year scheme to deliver ransomware to targeted organizational networks.