NCC Alerts Nigerians Of Malware That Steals Banking App Login Details On Android Devices


The Nigerian Communications Commission (NCC) has alerted the public of a newly-hatched malicious software that steals users’ banking app login credentials on Android devices.

The NCC spokesperson Dr. Ikechukwu Adinde, in a statement he issued at the weekend, said the malware which was discovered by the Commission’s Computer Security Incident Response Team (CSIRT), is called “Xenomorph”,

According to NCC, Xenomorph has been found to target 56 financial institutions from Europe, has a high impact and high vulnerability rate, with a major intent to steal credentials, combined with the use of SMS and Notification interception to log in and use potential 2-factor authentication tokens.

The Commission explained that Xenomorph is propagated by an application that was slipped into the Google Play store and masquerading as a legitimate application called “Fast Cleaner” which is supposedly meant to clear junk, increase device speed and optimize battery. In reality, however, the app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently.

“To avoid early detection or being denied access to the PlayStore, ‘Fast Cleaner’ was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions.

“Once up and running on a victim’s device, Xenomorph can harvest device information and Short Messaging Service (SMS), intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it. The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.

“The CSIRT said the malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones. Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them.

See also  US Removes Nigeria From List Of Religious Violators

“Xenomorph has been found to target 56 internet banking apps, 28 from Spain, 12 from Italy, 9 from Belgium, and 7 from Portugal, as well as Cryptocurrency wallets and general-purpose applications like emailing services. The Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads,” the CSIRT security advisory asserted,” NCC said.

Telecom consumers have been advised to be on the alert by the NCC In order not to fall victim to the manipulation.

Telecom consumers and other Internet users, especially those using Android-powered devices were further urged to obtain trusted Antivirus solutions and update them regularly to their latest definitions.

The commission also instructed consumers and other stakeholders to always update banking applications to their most recent versions.


Comments expressed here do not reflect the opinions of Vantage News Nigeria or any employee thereof.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.