NCC raises the alarm as malware attacks over 300,000 devices — Nigeria — The Guardian Nigeria News – Nigeria and World News
Urges users to download apps only from official sites, stores
A MALWARE that steals Facebook account credentials, known as ‘Schoolyard Bully’, has infected over 300,000 android devices.
This has prompted the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) to issue an advisory, reminding users to only download applications from official sites and application stores.
The advisory recommended that users double-check each application; uncheck boxes that request extra third-party downloads when installing apps downloaded from Google Play Store; and use anti-malware applications to routinely scan their devices.
NCC, yesterday, said researchers from mobile security firm, Zimperium, found several apps that transmit the Schoolyard Bully malware, while disguising themselves as reading and educational apps with a variety of books and topics for their victims to study.
According to the commission, the primary objective of the malware, which affects all versions of Facebook apps for android, is to steal account information, including email address and password, account ID, username, device name, device RAM (Random Access Memory), and device API (Application Programming Interface).
According to NCC-CSIRT, “the (Zimperium) research stated that the malware employs JavaScript injection to steal Facebook login information. The malware loads a legitimate URL (web address) inside a WebView (a WebView map website element that enables user interaction through Android View objects and their extensions) with malicious JavaScript injected to obtain the user’s contact information (phone number, email address, and password), and then sends them to the command-and-control server.
“The malware uses native libraries to evade detection and analysis by security software and machine learning technologies.”
The CSIRT is the telecom sector’s cyber security incidence centre, set up by NCC to focus on incidents in the sector as they may affect consumers.
…
Appknox partners CED Technologies on mobile app security | The Guardian Nigeria News
Appknox, an enterprise mobile application security solution firm and its African partner, CED Technologies have created awareness on the need for consumers to be security conscious in app usage.
Speaking at a webinar with the theme, “How an insecure mobile app can tarnish your company’s reputation”, which had stakeholders mostly from the financial institutions across Africa, the Co-founder and CEO of appKnox, Harshit Agarwal, noted that the essence of the webinar is to encourage developers, security researchers and enterprises to build safe and secure mobile applications.
“We want to encourage more African Organisations to make a cultural shift from DevOps to DevSecOps by using best-in-class technology,” he said, adding that Appknox approaches security testing with an automated vulnerability assessment, which includes Static, Dynamic and API testing combined with manual penetration testing to ensure security is addressed all nine yards.
Also speaking at the webinar, the Chief Technology Officer of CED Technologies, Chukwuebuka Ume-Ezeoke, advised that as organisations – big or small, it is important that everyone practices a healthy cyber environment as they provide best-in-class mobile apps for their users.
He explained that as African partner to Appknox, CED Technologies understands the pain points of businesses and how it can help address them bringing superior technology at an affordable rate while placing the importance on the personal touch in servicing clients.
“We strive to be the most trusted technology advisor for our clients as we stand behind our work and our clients in their needs. In the era of Vulnerability Assessment and Penetration Testing (VAPT) for Mobile App Security we provide Appknox to our clients,” he stated.
He reiterated CED Technologies’ commitment to connecting businesses with the highest-rated and vetted software solutions in Africa.
Meanwhile, the duo of Harrison Nnaji, Chief Information Security Officer (CISO) at FirstBank and Lanre Adelanwa Basamta, Group Head, Mobile Financial Services at Interswitch Group, have advised organisations to add Vulnerability Assessment and Penetration Testing…
Information-Centric Endpoint and Mobile Protection Market to Witness Huge Growth by 2029 -WinMagic, Microsoft, Kaspersky Lab, Sophos, Dell, Trend Micro, Vera, Titus, Symantec, Digital Guardian, Seclore, Ionic Security, Virtru, BlackBerry
The Information-Centric Endpoint and Mobile Protection report is an in-depth examination of the global Information-Centric Endpoint and Mobile Protection’s general consumption structure, development trends, sales techniques, and top nations’ sales. The research looks at well-known providers in the global Information-Centric Endpoint and Mobile Protection industry, as well as market segmentation, competition, and the macroeconomic climate. A complete Information-Centric Endpoint and Mobile Protection analysis takes into account a number of aspects, including a country’s population and business cycles, as well as market-specific microeconomic consequences. The global market research also includes a specific competition landscape section to help you better understand the Information-Centric Endpoint and Mobile Protection industry. This information can help stakeholders make educated decisions before investing.
Leading players of Information-Centric Endpoint and Mobile Protection including:
WinMagic, Microsoft, Kaspersky Lab, Sophos, Dell, Trend Micro, Vera, Titus, Symantec, Digital Guardian, Seclore, Ionic Security, Virtru, BlackBerry
Free Sample Report + All Related Graphs & Charts @ https://www.accuracyreports/report-sample/17471
The report is classified into multiple sections which consider the competitive environment, latest market events, technological developments, countries and regional details related to the Information-Centric Endpoint and Mobile Protection. The section that details the pandemic impact, the recovery strategies, and the post-pandemic market performance of each actor is also included in the report. The key opportunities that may potentially support the Information-Centric Endpoint and Mobile Protection are identified in the report. The report specifically focuses on the near term opportunities and strategies to realize its full potential. The uncertainties that are crucial for the market players to understand are included in the Information-Centric Endpoint and Mobile Protection report.
As a result of these issues, the Information-Centric Endpoint and Mobile Protection industry has been hampered. Because of…
NCC’s CSIRT warns against banking app-targeting malware | The Guardian Nigeria News
The Computer Security Incident Response Team (CSIRT) of the Nigerian Communications Commission’s (NCC) says it had discovered a newly-hatched malicious software that steals users’ banking app login credentials on Android devices.
NCC’s Director of Public Affairs (DPA), Dr Ikechukwu Adinde, disclosed this in a statement on Sunday, in Abuja.
Adinde explained that the main intent of this malware was to steal credentials, combined with the use of SMS and notification interception to log-in and use potential two-factor authentication tokens.
He said, according to a security advisory from the NCC CSIRT, the malicious software called “Xenomorph”, found to target 56 financial institutions across Europe, had high impact and high vulnerability rate.
“Xenomorph is propagated by an application that was slipped into Google Play store and masquerading as a legitimate application called “Fast Cleaner” ostensibly meant to clear junk, increase device speed and optimise battery.
“In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently.
“Fast Cleaner was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions.
“This is to avoid early detection or being denied access to the Playstore,” he said.
He further explained that once up and running on a victim’s device, Xenomorph can harvest device information and SMS, intercept notifications and new SMS, perform overlay attacks and prevent users from uninstalling it.
“The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.
“The CSIRT said the malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones.
“Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them.
“The Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads,” he said.
The DPA said that the commission had advised…