Photo: Alabian Solutions

Cybersafety: NCC-CSIRT flags Xenomorph malware, advises consumers on factory-resetting of infected devices

*The Nigerian Communications Commission’s Computer Security Incident Response Team consumers of compromised devices take the extreme measure of doing factory resetting of their infected devices

Gbenga Kayode | ConsumerConnect

In its efforts at protecting telecoms consumers in the country’s cyberspace, the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has disclosed that the regulator flagged ‘Xenomorph’, a malware that installs Trojan in banking apps on the Android platform to steal login details, raid bank accounts, and read the users’ Short Messaging Service (SMS) messages.

ConsumerConnect reports Mr. Reuben Muoka, Director of Public Affairs at NCC, Wednesday, December 7, 2022, stated the NCC-CSIRT has suggested that consumers of compromised devices take the extreme measure of doing factory resetting of their infected devices.

How Xenomorph malware operates

Citing Zscaler ThreatLabz, the Team said: “The Todo: Day Manager hijacks your login info from banking apps, and can even read your SMS messages.

READ ALSO  5G Technology: NCC Announces Update On 3.5GHz Spectrum Auction

“It installs a banking trojan malware called Xenomorph that allows the app to intercept your two-factor verification codes (typically delivered over text) to raid your logins – and bank account.”

The NCC-CSIRT advisory also noted: “Xenomorph performs overlay attacks by exploiting accessibility permissions in Android, resulting in the overlaying of fraudulent login screens on banking apps aimed at exfiltrating credentials.

“The Android app makes itself intentionally difficult to delete.

READ ALSO: NCC Alerts Cybercriminals Using TikTok Challenge To Infect Your Device With Malware

“You need to search your phone for it immediately and uninstall it.”

The Team further said: “It starts with asking users to enable access permission.

“Once provided, it adds itself as a device admin and prevents users from disabling Device Admin, making it un-installable from the phone.”

RELATED: Danbatta Restates NCC’s Commitment To Broadband, Consumer Protection, Digital Economy

It urged consumers: “If you haven’t given permission to the app, then you should be able to uninstall it safely.

“Otherwise, you may have to back up your files and then factory-reset your phone to clear the app completely.”

Measures to protect your devices against Xenomorph malware

In regard to potential solutions to the malware, the NCC-CSIRT advised consumers to “search your phone for the app and uninstall immediately or backup your files and factory reset your phone.

READ ALSO: How Telecoms Policies Enhance Digital Access, Media And Knowledge Production In Nigeria: Danbatta

“Only search for an app in the Google Play Store, pay close attention to the search results, look at the apps icons, note that fake apps almost always use the icon from the app they’re faking, then look at the developer’s name and make sure it’s from the right developer.”

It also urged users: “Look at the app’s download count.

“If the app has a lot of downloads going into millions to hundreds of thousand that’s a clue that it’s the right app.

READ ALSO Cybersafety: NCC-CSIRT Cautions Consumers Against Phishing Attack Exploit

“Then, finally, look at the app’s description and screenshots to ensure that it doesn’t contain multiple spelling or grammar mistakes or otherwise broken English.

“Make use of Google Play Protect, which regularly scans your apps for malware and will alert you to uninstall rogue apps.”

READ ALSO Special Report: 2022 WCRD And Consumer Protection Against Market Abuses In Digital Financial Services Ecosystem

The CSIRT is the telecoms sector’s cybersecurity incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom6 consumers and citizens at large.

The CSIRT also works collaboratively with Nigeria Cybersecurity Emergency Response Team (ngCERT), established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.

Kindly Share This Story