The Nigerian Communications Commission’s Computer Security Incident Response Team has warned Nigerians about recently discovered malware that steals users’ banking app login credentials on Android devices.
According to the commission, the malware called “Xenomorph”, which targets 56 European financial institutions, has a high impact and a high vulnerability rate.
He added that the main intention of this malware was to steal credentials, combined with the use of SMS and notification interception to log in and possible two-factor authentication tokens.
In a statement, NCC said: “Xenomorph is spread by an app that was snuck into the Google Play Store and impersonating a legitimate app called ‘Fast Cleaner’ supposedly intended to clean up junk files, boost speed of the device and to optimize the battery.
“In reality, this application is just a means by which the Xenomorph Trojan could spread easily and efficiently. To avoid early detection or being denied access to the PlayStore, “Fast Cleaner” was released before the malware was placed on the remote server, making it difficult for Google to determine that such an app is in use for malicious actions.
“Once operational on a victim’s device, Xenomorph can collect device and short messaging service information, intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it. The threat also requests accessibility services privileges, which allows it to grant itself other permissions.”
According to the commission’s CSIRT, the malware stole victims’ banking credentials by overlaying fake login pages onto legitimate ones, and because it could intercept messages and notifications, it allowed its operators to bypass SMS two-factor authentication and connect to victims. ‘ accounts without alerting them.
The CSIRT security advisory said Xenomorph targets 56 online banking apps: 28 from Spain, 12 from Italy, 9 from Belgium and 7 from Portugal; as well as cryptocurrency wallets and general-purpose apps like email services.
Although the Fast Cleaner app was removed from the Play Store, it garnered more than 50,000 downloads, according to the NCC.
All rights reserved. This material and any other digital content on this website may not be reproduced, published, broadcast, rewritten or redistributed in whole or in part without the prior express written permission of PUNCH.
Contact: [email protected]