The Nigerian Communications Commission’s (NCC) Computer Security Incident Response Team, CSIRT, has warned Nigerians to be wary of new malicious software that steals users’ banking app login credentials on Android devices.
According to a security advisory issued by the NCC CSIRT, the malicious software known as “Xenomorph,” which has been discovered to target 56 financial institutions in Europe, has a high impact and a high vulnerability rate.
According to NCC, the main goal of this malware was to steal credentials and use SMS and notification interception to log in and use potential 2-factor authentication tokens.
ATTENTION: Click “HERE” to join our WhatsApp group and receive News updates directly on your WhatsApp!
Xenomorph is spread by an app that was slipped into the Google Play store and masquerading as a legitimate app called “Fast Cleaner,” which is ostensibly meant to clear junk, boost the device’s speed and battery life. In reality, this app is simply a means for the Xenomorph Trojan to spread quickly and easily.
To avoid detection or denial of PlayStore access, ‘Fast Cleaner’ was distributed before the malware was placed on the remote server, making it difficult for Google to determine that such an app is being used for malicious purposes.
Xenomorph can harvest device information and Short Messaging Service (SMS) messages, intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it once it is installed on a victim’s device.
The threat also requests Accessibility Services privileges, which will allow it to grant itself additional permissions.
According to the CSIRT, the malware also steals victims’ banking credentials by superimposing bogus login pages on top of legitimate ones.
Given its ability to intercept messages and notifications, it enables its operators to circumvent SMS-based two-factor authentication and log into victims’ accounts without alerting them.
