The Nigerian Communications Commission’s Computer Security
Incident Response Team (CSIRT) has discovered a newly-hatched malicious
software that steals users’ banking app login credentials on Android devices.
According to a security advisory from the NCC CSIRT, the
malicious software called “Xenomorph”, found to target 56 financial
institutions from Europe, has high impact and high vulnerability rate.
The main intent of this malware is to steal credentials,
combined with the use of SMS and Notification interception to log-in and use
potential 2-factor authentication tokens.
Xenomorph is propagated by an application that was slipped
into Google Play store and masquerading as a legitimate application called
“Fast Cleaner” ostensibly meant to clear junk, increase device speed and
optimize battery. In reality, this app is only a means by which the Xenomorph
Trojan could be propagated easily and efficiently.
To avoid early detection or being denied access to the
PlayStore, “Fast Cleaner” was disseminated before the malware was placed on the
remote server, making it hard for Google to determine that such an app is being
used for malicious actions.
Once up and running on a victim’s device, Xenomorph can
harvest device information and Short Messaging Service (SMS), intercept
notifications and new SMS messages, perform overlay attacks, and prevent users
from uninstalling it. The threat also asks for Accessibility Services
privileges, which allow it to grant itself further permissions.
The CSIRT said the malware also steals victims’ banking
credentials by overlaying fake login pages on top of legitimate ones.
Considering that it can also intercept messages and notifications, it allows
its operators to bypass SMS-based two-factor authentication and log into the
victims’ accounts without alerting them.
“Xenomorph has been found to target 56 internet banking
apps, 28 from Spain, 12 from Italy, 9 from Belgium, and 7 from Portugal, as
well as Cryptocurrency wallets and general-purpose applications like emailing
services.
“The Fast Cleaner app has now been removed from the Play
Store but not before it garnered 50,000+ downloads,” the CSIRT security
advisory asserted.
The Nigerian Communications Commission hereby wishes to
advise telecom consumers to be on alert in order not to fall victim to this
manipulation.
Accordingly, the NCC urges telecom consumers and other
Internet users, particularly those using Android-powered devices to use trusted
Antivirus solutions and update them regularly to their latest definitions.
The Commission also implored consumers and other
stakeholders to always update banking applications to their most recent
versions.
Click to signup for FREE news updates, latest information and hottest gists everyday
Advertise on NigerianEye.com to reach thousands of our daily users
No comments
Post a Comment
Kindly drop a comment below.
(Comments are moderated. Clean comments will be approved immediately)
Advert Enquires - Reach out to us at NigerianEye@gmail.com