Tag Archive for: nigeria

NCC-CSIRT flags ‘HiddenAds’ malware – The Sun Nigeria

/in


By Chinenye Anuforo, [email protected]

The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has flagged a new malware, HiddenAds, which has infiltrated Google Play Store and can impact device performance and jeopardize users’ privacy.

In its advisory of August 8, 2022, NCC-CSIRT classified the virus, first identified by the McAfee Mobile Research Team, as high in probability and damage potential.

The malware infiltrated the Google Play Store in the form of several device cleaners or optimization apps.

According to the summary provided by NCC-CSIRT “Upon installation, it can run malicious services without the user opening the app. It also spams the user with irrelevant advertisements. The apps have received downloads ranging from 100,000 to over a million.

“Some of the apps HiddenAds masquerades as are: Junk Cleaner, EasyCleaner, Power Doctor, Carpet Clean, Super Clean, Meteor Clean, Strong Clean, Windy Clean, Fingertip Cleaner, Keep Clean, Full Clean – Clean Cache, Quick Cleaner, and Cool Clean.

“When a user installs any of the aforementioned apps, whether the user has opened the app or not, a malicious service is immediately installed on the device. The app will then attempt to blend into the app tray by changing its icon to the Google Play icon that every Android user is familiar with. Its name will also change to ‘Google Play’ or ‘Setting’. The device will then be bombarded with ads in a variety of deceptive ways, severely impairing the user experience,” the advisory stated.

Anyone that installs the compromised app will experience their device performance suffering significantly, clicking on the ads may result in stealth downloads/installation of other malware, users may inadvertently subscribe to services and be billed on a monthly basis, and the privacy of users will be jeopardized.

NCC-CSIRT advised users to avoid downloading questionable apps or apps they are unsure about while those who have installed any of the identified malicious apps should immediately delete them.

It further disclosed that where the malicious app’s icon and name have changed, it can be identified by the fact that it is removable while the…

Source…

Appknox partners CED Technologies on mobile app security | The Guardian Nigeria News

/in


Appknox, an enterprise mobile application security solution firm and its African partner, CED Technologies have created awareness on the need for consumers to be security conscious in app usage. 
   
Speaking at a webinar with the theme, “How an insecure mobile app can tarnish your company’s reputation”, which had stakeholders mostly from the financial institutions across Africa, the Co-founder and CEO of appKnox, Harshit Agarwal, noted that the essence of the webinar is to encourage developers, security researchers and enterprises to build safe and secure mobile applications.
  
“We want to encourage more African Organisations to make a cultural shift from DevOps to DevSecOps by using best-in-class technology,” he said, adding that Appknox approaches security testing with an automated vulnerability assessment, which includes Static, Dynamic and API testing combined with manual penetration testing to ensure security is addressed all nine yards.
  

Also speaking at the webinar, the Chief Technology Officer of CED Technologies, Chukwuebuka Ume-Ezeoke, advised that as organisations – big or small, it is important that everyone practices a healthy cyber environment as they provide best-in-class mobile apps for their users.

He explained that as African partner to Appknox, CED Technologies understands the pain points of businesses and how it can help address them bringing superior technology at an affordable rate while placing the importance on the personal touch in servicing clients.
  
“We strive to be the most trusted technology advisor for our clients as we stand behind our work and our clients in their needs. In the era of Vulnerability Assessment and Penetration Testing (VAPT) for Mobile App Security we provide Appknox to our clients,” he stated.
   
He reiterated CED Technologies’ commitment to connecting businesses with the highest-rated and vetted software solutions in Africa.
  
Meanwhile, the duo of Harrison Nnaji, Chief Information Security Officer (CISO) at FirstBank and Lanre Adelanwa Basamta, Group Head, Mobile Financial Services at Interswitch Group, have advised organisations to add Vulnerability Assessment and Penetration Testing…

Source…

New Warnings Show How Hackers in Nigeria Can Remotely Steal Cars – IT News Africa

/in


Image sourced from Car Throttle.com.

Nigeria’s Communications Commission (NCC) published a warning yesterday advising drivers in the West African country to beware of a new cybercrime method being used by hackers where car doors can be opened and vehicles can be started without keys, all done remotely while the criminals hide nearby.

According to the NCC, owners of Honda and Acura-model vehicles are the most susceptible to these kinds of new attacks.

The NCC discovered these new grand theft auto methods via investigations made by the Computer Security Incident Response Team (CSIRT), a cybersecurity body established to protect the country’s telecom sector by the NCC.

According to CSIRT’s report, released to the media by Dr Ikechukwu Adinde, Director Public Affairs at the NCC, there is an existing cyber-vulnerability with certain makes of vehicles that allows hackers to remotely unlock vehicles, start their engines wirelessly and then steal the cars. The only requirement is that the hackers be nearby the vehicles to allow the process to take place.

“CSIRT discovered that because car remotes are categorised as short-range devices that make use of radiofrequency to lock and unlock cars, there are immediate dangers in a new hacking method which sees hackers take advantage to unlock and start a compromised car,” said Adinde, quoted by Vanguard Nigeria.

According to CSIRT’s report, the cybercrime attack is what is known as a “Man-in-the-Middle” attack, or a reply attack, in which a threat actor intercepts the radio signal used by car remotes and manipulates the signal in order for the criminal to remotely unlock the car at a later time – like when the owner has lost sight of the vehicle – and gain access.

Some vehicles are more susceptible to these attacks than others, such as certain Honda or Acura models which can be started without ignition keys. These model vehicles can have their engines started wirelessly using the same reply attack method. By the time the owner returns, their car has vanished with no broken glass or alarm bells to tell the owner of what occurred.

“The attack consists of a threat actor capturing the radiofrequency…

Source…

Nigeria blocks 73 million mobile phones in security clampdown

/in


C onstance Chioma calls her son every morning to check that he is safe while studying in northeast Nigeria, a region plagued by deadly attacks by Islamist insurgents and armed kidnappings.

Earlier this month, she could not get through.

She later realised her SIM card was one of about 73 million – more than a third of the 198 million in Nigeria – which have been barred from making outgoing calls because they have not been registered in the national digital identity database.

“I could not concentrate at work; I was uneasy and constantly asking myself if he was safe,” said Chioma, a 57-year-old teacher in Owerri city in southeast Nigeria.

“With the rising insecurity in the north, not speaking with my son makes me afraid.”

Nigeria is among dozens of African countries including Ghana, Egypt and Kenya with SIM registration laws that authorities say are necessary for security purposes, but digital rights experts here say increase surveillance and hurts privacy.

Nigeria has been rolling out 11-digit electronic national identity cards for almost a decade, which record an individual’s personal and biometric data, including fingerprints and photo.

The National Identity Number (NIN) is required to open a bank account, apply for a driver’s license, vote, get health insurance, and file tax returns.

In 2020, Nigeria’s telecommunications regulator said every active mobile phone number must be linked to the user’s NIN. It repeatedly extended the deadline until March 31 this year.

The government said outgoing calls were being barred from April 4 here from any mobile phone numbers that had not complied.

Millions of Nigerians have not registered their SIM cards, for reasons ranging from concerns over privacy here to problems reaching registration centres or not having a NIN.

“There have been no reasonable explanations as to why we have to link NIN to our SIM,” said Nneka Orji, a journalist in southeast Nigeria who has not registered her SIM.

“For that reason, I am not ready to do that,” she told the Thomson Reuters Foundation.

She now relies on WhatsApp to make calls, even though not all of her contacts use the messaging service.

The spokesperson for the government’s National…

Source…