NCC warns Nigerians on new ways hackers steal banking details from phones
NCC warns Nigerians on new ways hackers steal banking details from phones.
The Nigerian Communications Commission's Computer Security Incident Response Team (CSIRT) has discovered new malicious software that steals Android users' banking app login credentials.
The malicious software known as "Xenomorph," which has been found to target 56 financial institutions across Europe, has a high impact and high vulnerability rate, according to a security advisory from the NCC CSIRT.
The main goal of this malware is to steal credentials by intercepting SMS and Notifications and then using them to log in and potentially use 2-factor authentication tokens.
Xenomorph is spread by an app called "Fast Cleaner" that was slipped into the Google Play store and ostensibly meant to clear junk, speed up the device, and save battery life. In reality, this app is merely a means of quickly and easily spreading the Xenomorph Trojan.
"Fast Cleaner" was distributed before the malware was placed on the remote server, making it difficult for Google to determine that the app is being used for malicious purposes and being denied access to the PlayStore.
Xenomorph can collect device information and SMS messages, intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling once it is installed on a victim's device.
Xenomorph can harvest device information and SMS messages, intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it once it is installed on a victim's device. The threat also requests Accessibility Services privileges, which will allow it to grant itself additional rights.
The malware also steals victims' banking credentials, according to the CSIRT, by overlaying fake login pages over legitimate ones. Its operators can bypass SMS-based two-factor authentication and log into the victims' accounts without alerting them because it can intercept messages and notifications.
"Xenomorph has been discovered to target 56 internet banking apps, including Cryptocurrency wallets and general-purpose applications like emailing services, with 28 from Spain, 12 from Italy, 9 from Belgium, and 7 from Portugal.
The CSIRT security advisory stated, "The Fast Cleaner app has now been removed from the Play Store, but not before it garnered 50,000+ downloads."
The Nigerian Communications Commission wishes to warn telecom customers to be vigilant in order to avoid falling prey to this deception.
As a result, the NCC advises telecom customers and other Internet users, particularly those who use Android-powered devices, to use trusted antivirus software and to update it to the most recent definitions on a regular basis.
Consumers and other stakeholders were also urged to always update banking applications to the most recent versions, according to the Commission. » via DJ MoreMusic
http://dlvr.it/SKkpfG
http://dlvr.it/SKkpfG
Comments
Post a Comment