Saturday, July 4, 2026

NCC warns Nigerians against banking app-targeting malware

Xenomorph can harvest device information and SMS, intercept notifications and new SMS, perform overlay attacks and prevent users from uninstalling it.

• February 27, 2022
Nigerian Communications Commission
Nigerian Communications Commission

The Nigerian Communications Commission has discovered a newly-hatched malicious software that steals users’ banking app login credentials on Android devices, the NCC spokesperson, Ikechukwu Adinde, disclosed in a statement on Sunday.

Discovered by the NCC’s Computer Security Incident Response Team, the malware steals credentials, combined with the use of SMS and notification interception to log in and use potential two-factor authentication tokens.

“A security advisory from the NCC CSIRT said the malicious software called ‘Xenomorph’, found to target 56 financial institutions across Europe, had a high impact and high vulnerability rate.

“Xenomorph is propagated by an application that was slipped into Google Play store and masquerading as a legitimate application called ‘Fast Cleaner’ ostensibly meant to clear junk, increase device speed and optimise the battery.

“Fast Cleaner was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions.

“This is to avoid early detection or being denied access to the Playstore,” he said.

He further explained that once up and running on a victim’s device, Xenomorph can harvest device information and SMS, intercept notifications and new SMS, perform overlay attacks and prevent users from uninstalling it.

“The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.

“The Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads,” he said.

Mr Adinde said that the commission had advised telecom consumers to be on alert in order not to fall victims of this manipulation.

He urged telecom consumers and other Internet users, particularly those using Android-powered devices, to use trusted Antivirus solutions and update them regularly to their latest definitions.

(NAN)

We have recently deactivated our website's comment provider in favour of other channels of distribution and commentary. We encourage you to join the conversation on our stories via our Facebook, Twitter and other social media pages.

More from Peoples Gazette

farmers

Agriculture

FG tasks ECOWAS on leveraging financing strategies for agroecology

The federal government has urged stakeholders in the agriculture and finance sectors in the West Africa region to leverage financing strategies to enhance agroecology practices

Katsina State

Politics

Katsina youths pledge to deliver over 2 million votes to Atiku

“Katsina State is Atiku’s political base because it is his second home.”

States

Benue: Troops kill suspected terrorist in gunfight

“One terrorist was neutralised, while troops recovered one AK-47 rifle and two empty magazines from the scene,” Mr Zubairu said.

Egypt vs Australia

Sport

Egypt edge Australia on penalties to make historic World Cup round of 16 berth

Egypt will face the winners of the round of 32 match between Argentina and Cape Verde later today.

Health

Bundibugyo Ebola outbreak now largest on record as cases top 1,400: WHO

Mr Janabi described the outbreak as one of Africa’s most serious public health emergencies this year.

Bauchi State governor, Bala Mohammed

Health

Bauchi govt begins rural-based campaign against waterborne diseases

Mr Mohammed said health education officers in the state’s 20 local government areas had been directed to carry out the exercise.

Voters registering

Hot news Home top

INEC extends voter registration, launches self-service portal

INEC said the extension followed feedback received from its state offices, political parties, civil society organisations, and other stakeholders.

ROAD CRASH

States

Wheelbarrow pusher killed in Rivers road crash

The spokesperson for the state police, ASP Blessing Agabe, said the driver had been arrested.