"Delete Immediately": FG Alerts Nigerians Using Android Phones on Malware Stealing Banking Data

"Delete Immediately": FG Alerts Nigerians Using Android Phones on Malware Stealing Banking Data

  • The ngCERT has urged Nigerians to be careful when downloading certain apps from Google Playstore
  • The government agency warns there is now a malware stealing financial information from user’s phone
  • The malware employs advanced techniques to bypass security measures and display fake login screens

Legit.ng journalist Dave Ibemere has over a decade of business journalism experience with in-depth knowledge of the Nigerian economy, stocks, and general market trends.

The Nigeria Computer Emergency Response Team (ngCERT) under the Office of the National Security Adviser has warned Nigerians who use Android devices about a malware called Anatsa banking trojan.

The malware is specifically designed to target banking apps and steal financial information from users.

Nigerian banking apps
Nigerians asked to be careful when downloading apps Photo credit: Evgeniia Siiankovskaia
Source: Getty Images

The malware threats were disclosed in a released advisory by the organisation and have come in response to increasing reports of cyber threats to bank customers.

Read also

“Refrain from unauthorised agents” DisCo begins sharing metres, sends message to customers

PAY ATTENTION: Share your outstanding story with our editors! Please reach us through info@corp.legit.ng!

How Anatsa banking trojan works

According to ngCERT, the Anatsa trojan exploits Android’s accessibility services to gain complete control over infected devices.

Once installed, ngCERT warns that the trojan can launch phishing attacks with fake login screens to capture banking credentials, record keystrokes, and intercept payment information.

The trojan malware can also remotely interact with the device, performing clicks, scrolls, and swipes, and it can prevent users from accessing certain apps, including security applications.

ngCERT said:

Once installed, ngCERT warns that the trojan can launch phishing attacks with fake login screens to capture banking credentials, record keystrokes, and intercept payment information.
"The malware can also remotely interact with the device, performing actions such as clicks, scrolls, and swipes, and can prevent users from accessing certain apps, including security applications

Read also

SEC to monitor weekly cryptocurrency transactions after suspending Binance services, others

"The trojan is delivered through malicious apps that appear to be legitimate PDF and QR code readers or cleaner apps. These apps initially behave normally until they secretly download, decrypt, and execute the trojan’s payload, bypassing the restricted settings for accessibility services, mostly in Android 13.
"This payload then establishes a connection with a command and control (C2) server, awaiting instructions from the attacker."

It added that the trojan has been distributed through various apps on the Google Play Store and has infected over 70,000 devices.

How do you protect your phone against malware?

ngCERT said:

"The Anatsa banking trojan represents a significant threat to the financial security of Android users.
"We urge everyone to exercise caution and follow the recommended guidelines to safeguard their personal and financial information."

NgCERT has asked Nigerians using Android devices to do the following to protect their devices.

Read also

“Fraud Alert”: FG raises alarm on increased virus attacks on Nigerians and businesses

Avoid installing untrusted apps:

Only download apps from trusted sources, and carefully review the app ratings and user feedback on the Google Play Store.

Be wary of unnecessary permissions:

Exercise caution with apps requesting excessive permissions, particularly those related to accessibility services or the installation of unknown apps.

Uninstall suspicious apps:

If you suspect an app contains the Anatsa trojan, uninstall it immediately and thoroughly scan your device with a reputable antivirus application.

Monitor banking activity:

Regularly change banking passwords and closely monitor account activity. Report any suspicious transactions to your financial institution promptly.

NCC warns Nigerians on 5 Google Chrome

Legit.ng reported that the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has identified five malicious Google Chrome Extensions.

According to the commission, the extensions surreptitiously track online browser activities and steal users’ data.

Source: Legit.ng

Authors:
Dave Ibemere avatar

Dave Ibemere (Senior Business Editor) Dave Ibemere is a senior business editor at Legit.ng. He is a financial journalist with over a decade of experience in print and online media. He also holds a Master's degree from the University of Lagos. He is a member of the African Academy for Open-Source Investigation (AAOSI), the Nigerian Institute of Public Relations and other media think tank groups. He previously worked with The Guardian, BusinessDay, and headed the business desk at Ripples Nigeria. Email: dave.ibemere@corp.legit.ng.