By
The Nigerian Communications Commission (NCC) has raised an urgent warning about a dangerous malware called Xenomorph, which targets Android users. This malware installs a Trojan on banking apps to steal login details, access bank accounts, and even read users’ SMS messages.
The NCC’s Computer Security Incident Response Team (NCC-CSIRT) issued the alert after learning from cybersecurity experts that Xenomorph hijacks login information and steals two-factor verification codes often sent by text, allowing criminals to raid bank accounts.
The malware works by placing fake login screens over real banking apps, tricking users into giving up their information. It also makes itself difficult to uninstall by gaining control of device permissions.
To protect themselves, the NCC advises users with infected devices to search for the app and remove it right away. If that doesn’t work, a factory reset may be needed, though it’s important to back up files first.
The NCC also offers the following tips to avoid malware: only download apps from the Google Play Store, check the app’s developer and review its download count, and look for clear descriptions without grammar or spelling errors. Using Google Play Protect, which scans for malware, is also recommended.
The NCC-CSIRT is working with the Nigeria Cybersecurity Emergency Response Team (ngCERT) to fight this growing threat and protect the country’s digital space.
This alert highlights the importance of staying cautious and ensuring personal information is safe from online threats.
