The Nigerian Communications Commission’s Computer Security Incident Response Team has flagged a piece of malware, XENOMORPH, that installs a trojan in banking apps on the Android platform to steal login details, raid bank accounts, and read personal SMS messages.
According to the commission, owners of compromised devices must take the extreme measure of factory-resetting the infected devices.
The NCC-CSIRT, citing Zscaler ThreatLabz, said, “The Todo: Day Manager hijacks your login info from banking apps, and can even read your SMS messages. It installs a banking trojan malware called Xenomorph that allows the app to intercept your two-factor verification codes (typically delivered over text) to raid your logins – and bank account.
“Xenomorph performs overlay attacks by exploiting accessibility permissions in Android, resulting in the overlaying of fraudulent login screens on banking apps aimed at exfiltrating credentials. The Android app makes itself intentionally difficult to delete. You need to search your phone for it immediately and uninstall it.
“It starts with asking users to enable access permission. Once provided, it adds itself as a device admin and prevents users from disabling Device Admin, making it un-installable from the phone.”