NCC warns of Fast Cleaner app used to steal users’ bank details


The Nigerian Communications Commission (NCC) has reportedly accused the ‘Fast Cleaner’ app of stealing the bank details of unsuspecting users.

This was contained in a statement signed by Ikechukwu Adinde, NCC director of public affairs, and made available on the commission’s website.

The director warned the public of what is thought to be a hidden agenda of the developers of the Android app.

Although the app claimed to be an optimization and maintenance app that allows users to easily free up space on their device, Adinde alleged that the “malicious app” steals users’ banking app login credentials upon download and launch on Android devices.

According to Adinde, the discovery was made by the NCC Computer Security Incident Response Team (CSIRT), after noticing that the app contained malware named ‘Xenomorph’.

“Xenomorph is propagated by an application that was slipped into Google Play store and masquerading as a legitimate application called “Fast Cleaner” ostensibly meant to clear junk, increase device speed and optimize battery. In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently,” the director alleged.

He added: “To avoid early detection or being denied access to the PlayStore, “Fast Cleaner” was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions.

“Once up and running on a victim’s device, Xenomorph can harvest device information and Short Messaging Service (SMS), intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it. The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.


“The CSIRT said the malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones.

“Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them.”

The commission, however, noted that though the app has been removed from the Play Store, users should be more discreet in downloading apps and stay alert in order not to fall victim to similar manipulations.
