Tag Archive for: ncc

NCC warns against YouTube-related malware


The Nigerian Communications Commission’s Computer Security Incident Response Team has warned those looking to acquire pirated software and resources that they risk becoming victims of cybercriminal gangs that are using AI-generated YouTube videos to distribute malware.

The NCC-CSIRT further warned in its advisory that the consequences of falling victim could be significant for individuals and organisations, resulting in critical damage like data theft, financial loss, identity theft, system damage, and reputation damage.

According to the NCC Director, Public Affairs, Reuben Muoka, in a statement on Sunday, the advisory stated that unsuspecting victims who watched these AI-generated tutorial videos would be duped into clicking on one of the links in the video description, which usually resulted in the download of data-stealing malware.

It said the number of YouTube videos containing such links had increased by 200-300% month on month since November 2022.

“To stimulate the interest of potential victims, video tutorials on how to pirate sought-after software such as AutoCAD, Adobe Photoshop, Adobe Premiere Pro, and other similar paid-for software are created. These videos are created with AI and feature humans with facial features that research has shown other humans find trustworthy.

“The tutorials in these videos are frequently bogus and steer viewers to links in the description that lead to information-stealing malware like Raccoon, Vidar, and RedLine,” the advisory revealed.

It said malicious actors could create AI-generated videos that included hidden or disguised malware. These videos may appear to be harmless or even entertaining, but they can contain malicious code that can infect a viewer’s device when the video is downloaded or played.

“Cybercriminal actors can also use AI-generated videos to trick viewers into downloading malware. For example, they can create a video that appears to be a legitimate software update or security patch, but it contains malware that infects the viewer’s device.

“They equally use AI-generated videos to distribute phishing scams. They can create a video…


NCC raises the alarm as malware attacks over 300,000 devices (The Guardian Nigeria News)


Urges users to download apps only from official sites, stores

A malware that steals Facebook account credentials, known as ‘Schoolyard Bully’, has infected over 300,000 Android devices.

This has prompted the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) to issue an advisory, reminding users to only download applications from official sites and application stores.

The advisory recommended that users double-check each application; uncheck boxes that request extra third-party downloads when installing apps downloaded from Google Play Store; and use anti-malware applications to routinely scan their devices.

NCC, yesterday, said researchers from mobile security firm, Zimperium, found several apps that transmit the Schoolyard Bully malware, while disguising themselves as reading and educational apps with a variety of books and topics for their victims to study.

According to the commission, the primary objective of the malware, which affects all versions of Facebook apps for Android, is to steal account information, including email address and password, account ID, username, device name, device RAM (Random Access Memory), and device API (Application Programming Interface).

According to NCC-CSIRT, “the (Zimperium) research stated that the malware employs JavaScript injection to steal Facebook login information. The malware loads a legitimate URL (web address) inside a WebView (a WebView map website element that enables user interaction through Android View objects and their extensions) with malicious JavaScript injected to obtain the user’s contact information (phone number, email address, and password), and then sends them to the command-and-control server.

“The malware uses native libraries to evade detection and analysis by security software and machine learning technologies.”

The CSIRT is the telecom sector’s cyber security incident centre, set up by NCC to focus on incidents in the sector as they may affect consumers.


NCC flags banking app malware


The Nigerian Communications Commission’s Computer Security Incident Response Team has flagged a malware, XENOMORPH, that installs a trojan in banking apps on the Android platform to steal login details, raid bank accounts, and read personal SMS.

According to the commission, owners of compromised devices must take the extreme measure of factory-resetting infected devices.

The NCC-CSIRT, citing Zscaler ThreatLabz, said, “The Todo: Day Manager hijacks your login info from banking apps, and can even read your SMS messages. It installs a banking trojan malware called Xenomorph that allows the app to intercept your two-factor verification codes (typically delivered over text) to raid your logins – and bank account.

“Xenomorph performs overlay attacks by exploiting accessibility permissions in Android, resulting in the overlaying of fraudulent login screens on banking apps aimed at exfiltrating credentials. The Android app makes itself intentionally difficult to delete. You need to search your phone for it immediately and uninstall it.

“It starts with asking users to enable access permission. Once provided, it adds itself as a device admin and prevents users from disabling Device Admin, making it un-installable from the phone.”

All rights reserved. This material, and other digital content on this website, may not be reproduced, published, broadcast, rewritten or redistributed in whole or in part without prior express written permission from PUNCH.


NCC warns of phishing attack exploit


The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has warned that a new phishing attack exploiting a Windows zero-day vulnerability can load QBot malware on the compromised device without triggering any Windows security alerts.

In its advisory, NCC-CSIRT indicated that the vulnerability, which is present in all versions of Windows-based products, presents as phishing attack and malware threats.

NCC-CSIRT reports that security researcher ProxyLife discovered the new phishing attack, which exploits the Windows zero-day vulnerability to drop QBot malware without displaying Mark of the Web (MoTW) security warnings.

“To take advantage of the Windows Mark of the Web zero-day vulnerability, threat actors have switched to a new phishing strategy that involves propagating JS files (plain text files that include JavaScript code) signed with forged signatures. The newest phishing attempt begins with an email that contains a password for the file along with a link to an allegedly important document.

“When the link is clicked, a password-protected ZIP folder that includes another zip file and an IMG file is downloaded. Normally, launching the JS file in Windows would result in a Mark of the Web security warning because it is an Internet-based file. However, the forged signature permits the JS script to function and load the malicious QBot program without triggering any Windows security alerts,” the advisory said.

Accordingly, NCC-CSIRT advised that users apply updates per vendor instructions.

The CSIRT is the telecom sector’s cyber security incident centre, set up by the NCC to focus on incidents in the telecom sector as they may affect telecom consumers and citizens at large.

The CSIRT also works collaboratively with ngCERT, established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, problems, or related events.