The NCC’s Computer Security Incident Response Team discovers malicious software programmed to steal Nigerians’ personal information with stealth for further illicit activity.
The NCC’s Computer Security Incident Response Team has prioritized the processes in which this software programmed and dubbed it the ‘Xenomorph’ attack. This malware is built to penetrate the Android OS firewall to copy bank credentials and other sensitive credentials processed in the smartphone.
The NCC’s Computer Security Incident Response Team discovered the vulnerability of Android OS and said that it is prone to the Xenomorph malware. Recall several cyberattacks on the European financial market when multiple financial institutions got robbed of cash via digital penetrations.
The Nigerian commission discovered the malware per the unprecedented Xenomorph trends from overseas — with Android users as its primary targets.
It is worth noting that these financial institutions utilize high-end technology applications, yet they got mugged by the Xenomorph. Once the malware gets its way into the Android device, Xenomorph intercepts notifications then filters the bank credentials and other sensitive credentials paired with an in-built SMS app.
The Android OS vulnerability to the Xenomorph attack also breaches the two-factor authentication system. Recall the malware is programmed to intercept notification likewise breaching the two-factor authentication token. The malware is designed for the Android OS — the NCC did not disclose the Xenomorph responsiveness to the iOS platform.
“In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently. To avoid early detection or being denied access to the PlayStore, ‘Fast Cleaner’ was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions,” Danbatta said.
“Once up and running on a victim’s device, Xenomorph can harvest device information and Short Messaging Service, intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it.” The malware invaded the supplier of Android apps, the Google Play Store. “The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.”
The Xenomorph malware is disguised as a regular app in Google’s app world christened ‘Fast Cleaner’ — this app is meant to optimize the Android device and clear junks that enhance the battery life. Several Nigerians have reportedly installed the app on their smartphones, including the regular African population.
For context, the Fast Cleaner boosters the Android device’s speed, it also invades its users’ finance and steals funds. The NCC revealed the Xenomorph attacks by stealth to replicate users’ bank credentials — to the extent of intercepting a two-factor authentication token.
The NCC has records of several victims of the Xenomorph malware — it camouflages on the login page of bank apps — the administrator of the malware can retrieve the 2FA tokens because the Xenomorph activity is synced with the same Android device.
Still, the Computer Security Incident Response Team did not reveal how the Xenomorph malware responds to the iOS platform. This explains how certified iOS security is not vulnerable to Xenomorph malware.
The Fast Cleaner is active in the Apple App Store — is the iPhone vulnerable to the Xenomorph malware? This is a non-rhetoric question the NCC should publish a report.
The Xenomorph malware can also hack your digital wallets, including a digital currency saved in a decentralized network. In sum, this is a priority warning to Android users optimizing their device with Fast Cleaner should stop and delete every trace of the app, Techbooky writes.
Paul Balo is the founder of TechBooky and a highly skilled wireless communications professional with a strong background in cloud computing, offering extensive experience in designing, implementing, and managing wireless communication systems.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
