Tag Archive for: ncc

NCC uncovers cyber threats to Windows platforms, routers


The Nigerian Communications Commission, in a press statement released on Thursday, said its Computer Security Incidents Response Team had discovered “two new separate cyber threats targeting Windows Platforms and a particular kind of routers respectively.”

The statement, signed by the NCC Director of Public Affairs, Dr Ikechukwu Adinde, noted that “the discoveries were made known in two separate advisories released by the cyber-space protection team earlier this week.”

The statement read: “The first cyber threat is a ransomware known as ‘Lokilocker’, which is capable of wiping data from all versions of Windows systems or platforms. It causes data loss, and denial of service (DoS), which reduces user’s productivity.

“‘Lokilocker’ is a relatively new ransomware that has been discovered by security researchers and belongs to the ransomware family. Lokilocker operates by encrypting user files and renders the compromised system useless if the victim does not pay the demanded ransom in time.

“To hide the malicious activity, the ransomware displays a fake window update screen, cancels specific processes and services, and completely disables the task manager, Windows error reporting, machine firewall and Windows Defender of the compromised system.

“Sadly, it also has in-built processes that prevent data recovery as it deletes backup files, shadow copies, and removes system restore points. It also overwrites the user login note and modifies original equipment manufacturer (OEM) information in the registry of the compromised system.”

Suggesting possible protection against LokiLocker, the statement quoted the NCC CSIRT as saying: “To protect against infections by LokiLocker and similar ransomware, the best rule is to always have a backup copy of your data, which should be stored offline.”

CSIRT further stated that “all downloads and email attachments should be opened with caution, even if they are from trusted sites or senders. Users should also ensure that attachments are scanned with an up-to-date antimalware solution, before opening.”

According to the statement, the “second cyber threat discovered by the NCC CSIRT is a Botnet that targets the…

NCC CSIRT Discovers Banking App-Targeting Malware


The Nigerian Communications Commission’s Computer Security Incident Response Team (CSIRT) has discovered a newly-hatched malicious software that steals users’ banking app login credentials on Android devices.

According to a security advisory from the NCC CSIRT, the malicious software, called “Xenomorph” and found to target 56 financial institutions from Europe, has a high impact and high vulnerability rate. The main intent of this malware is to steal credentials, combined with the use of SMS and notification interception to log in and use potential 2-factor authentication tokens.

Xenomorph is propagated by an application that was slipped into the Google Play store, masquerading as a legitimate application called “Fast Cleaner” ostensibly meant to clear junk, increase device speed and optimize battery. In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently.

To avoid early detection or being denied access to the Play Store, “Fast Cleaner” was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions.

Once up and running on a victim’s device, Xenomorph can harvest device information and Short Messaging Service (SMS), intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it. The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.

The CSIRT said the malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones. Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them.

“Xenomorph has been found to target 56 internet banking apps, 28 from Spain, 12 from Italy, 9 from Belgium, and 7 from Portugal, as well as Cryptocurrency wallets and general-purpose applications like emailing services.

“The Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads,” the CSIRT security advisory…

Warning to Nigerians: Avoid clicking links sent through SMS, malware in circulation, NCC says


  • Nigerians have been asked not to click on any link sent through SMS because it can contain a terrible virus
  • According to the Nigerian Communications Commission (NCC), the virus infects Android mobile devices
  • Some of the messages with the link to the malware are said to contain information on COVID vaccination and power outages

The Nigerian Communications Commission (NCC) has warned the public of TangleBot, a new virus infecting Android mobile devices through short messaging service (SMS).

This was disclosed in a statement issued on Saturday by Ikechukwu Adinde, NCC spokesman, following a recent security advisory made available to the commission by the Nigeria Computer Emergency Response Team (ngCERT).

Some of the messages with the link to the malware are said to contain information on COVID vaccination and power outages.

“The aim behind both or either of the messages (on COVID-19 or impending power outages) is to encourage potential victims to follow a link that supposedly offers detailed information,” the statement reads.

“Once at the page, users are asked to update applications such as Adobe Flash Player to view the page’s content by going through nine (9) dialogue boxes to give acceptance to different permissions that will allow the malware operators to initiate the malware configuration process.

“The immediate consequence of this is that the malware then steals sensitive data stored on the device and monitors almost every user activity, including camera use, audio conversations, and location, among other things.”

The NCC added that the malware takes control of the targeted device, including access to banking data.

“In order to ensure maximum protection for Internet users in the country, the ngCERT has offered a number of preventive measures to be taken by the consumers. These measures include an advisory to telecom consumers and other Internet users to refrain…

Beware of Hacking Group Targeting Telcos, ISPs, NCC Warns


Emma Okonji

The Nigerian Communications Commission (NCC) has again alerted members of the public of the existence of another hacking group orchestrating cyber-espionage in the African telecoms space.

In a statement signed by its Director, Public Affairs, Dr. Ikechukwu Adinde, the agency disclosed that an Iranian hacking group known as Lyceum (also known as Hexane, Siamesekitten, or Spirlin) had been reported to be targeting telecoms, Internet Service Providers (ISPs) and Ministries of Foreign Affairs (MFA) in Africa with upgraded malware in recent politically motivated attacks oriented towards cyber-espionage.

According to the statement, “Information about this cyber-attack is contained in the latest advisory issued by the Nigerian Computer Emergency Response Team (ngCERT). The ngCERT rated the probability and damage level of the new malware as high.”

The NCC quoted the advisory, which stated that the hacking group was known to be focused on infiltrating the networks of telecoms companies and ISPs.

Between July and October 2021, Lyceum was implicated in attacks against ISPs and telecoms organisations in Israel, Morocco, Tunisia, and Saudi Arabia, the statement revealed.

“The advanced persistent threat (APT) group has been linked to campaigns that hit Middle Eastern oil and gas companies in the past. Now, the group appears to have expanded its focus to the technology sector. In addition, the APT is responsible for a campaign against an unnamed African government’s Ministry of Foreign Affairs.

“By the attackers’ mode of operation, Lyceum’s initial onslaught vectors include credential stuffing and brute-force attacks. So, once a victim’s system is compromised, the attackers conduct surveillance on specific targets.

“In that mode, Lyceum will attempt to deploy two different kinds of malware: Shark and Milan (known together as James).

“Both malware are backdoors. Shark, a 32-bit executable written in C# and .NET, generates a configuration file for domain name system (DNS) tunneling or Hypertext Transfer Protocol (HTTP) C2 communications; whereas Milan, a 32-bit Remote Access Trojan (RAT), retrieves data,” the statement…
