Software that Steals Banking and Crypto Wallet Details from Phone Identified



Malicious software capable of stealing users' banking app login details has been discovered.

The Nigerian Communications Commission's Computer Security Incident Response Team (CSIRT) said this in a statement on Sunday.

The Director, Public Affairs of CSIRT, Dr Ikechukwu Adinde, stated that the software, identified as Xenomorph and called “Fast Cleaner”, was sneaked into the Google Play Store under the pretense of being a legitimate application.

Fast Cleaner is ostensibly for clearing junk, optimising the battery and increasing device speed, but in reality, CSIRT said, the app is only a means through which the Xenomorph Trojan could be propagated easily and efficiently.

“To avoid early detection or being denied access to the PlayStore, ‘Fast Cleaner’ was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions.”

Dr Adinde said the app has been discovered to target 56 internet banking apps and crypto wallets in Spain, Italy, Belgium and Portugal.

“Xenomorph has been found to target 56 internet banking apps, 28 from Spain, 12 from Italy, nine from Belgium, and seven from Portugal, as well as Cryptocurrency wallets and general-purpose applications like emailing services.”

How the Malicious Software Functions

Once it is installed on a victim’s device, Xenomorph can harvest device information and Short Messaging Service (SMS) messages, intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it. The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions. The app also steals victims’ banking information by overlaying fake login pages on top of legitimate ones.

“Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them,” the team said.

How to Stay Safe

The NCC Security advisory team further explained that “the Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads.”

Telecom consumers and other industry stakeholders were therefore advised to take care not to fall victim to such malware. Those using Android devices are advised to install trusted antivirus solutions and update them regularly to their latest versions, and those using banking apps are advised to update the apps to their latest versions to prevent malware attacks.
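
A device-triage check for the capability combination described above (Accessibility Services together with SMS and notification access), as an added example that is not part of the advisory or this article. The setting strings follow the colon-separated format returned by Android's `settings get secure enabled_accessibility_services` and `enabled_notification_listeners`; the package names, permission data and the flagging heuristic are constructed assumptions.

```python
# Added example: triage Android apps that combine the capabilities the
# advisory describes. All package names and sample data are constructed.
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}

def packages_from_setting(value):
    """Parse a colon-separated 'pkg/component' list, the format returned by
    `adb shell settings get secure enabled_accessibility_services`."""
    if not value or value.strip() in ("null", ""):
        return set()
    return {entry.split("/", 1)[0] for entry in value.strip().split(":") if entry}

def audit(accessibility, listeners, granted, allowlist=frozenset()):
    """Return {package: [reasons]} for non-allowlisted apps that hold an
    Accessibility Service plus SMS or notification access."""
    a11y = packages_from_setting(accessibility)
    notif = packages_from_setting(listeners)
    findings = {}
    for pkg in sorted(a11y - set(allowlist)):
        reasons = ["accessibility service enabled"]
        sms = sorted(SMS_PERMS & set(granted.get(pkg, ())))
        if sms:
            reasons.append("SMS access: " + ", ".join(p.rsplit(".", 1)[1] for p in sms))
        if pkg in notif:
            reasons.append("notification listener enabled")
        if len(reasons) > 1:  # accessibility alone is common; the combination is the signal
            findings[pkg] = reasons
    return findings

# Constructed sample device state (not from a real device or from the advisory).
SAMPLE_A11Y = ("com.example.screenreader/.ReaderService:"
               "com.example.junkcleaner/.CleanerAccessibilityService")
SAMPLE_LISTENERS = "com.example.junkcleaner/.NotifService:com.example.watch/.Bridge"
SAMPLE_GRANTED = {
    "com.example.junkcleaner": ["android.permission.READ_SMS",
                                "android.permission.RECEIVE_SMS",
                                "android.permission.INTERNET"],
    "com.example.screenreader": ["android.permission.VIBRATE"],
    "com.example.watch": ["android.permission.RECEIVE_SMS"],
}

if __name__ == "__main__":
    for pkg, reasons in audit(SAMPLE_A11Y, SAMPLE_LISTENERS, SAMPLE_GRANTED).items():
        print(pkg, "->", "; ".join(reasons))
```

A flagged package is a prompt for manual review, not a verdict: legitimate assistive and companion apps can hold the same combination, which is what the allowlist parameter is for.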
