FRAUD: FG Alerts Nigerians Using Android Phones on Malware Stealing Banking Data

Nigerians have been alerted by the Federal Government about a new and dangerous malware targeting Android users. The Nigeria Computer Emergency Response Team (ngCERT) under the Office of the National Security Adviser issued a warning regarding the Anatsa banking trojan, which is designed to steal financial information from users' phones. This advisory comes in response to increasing reports of cyber threats to bank customers.

The malware, which poses a significant threat to financial security, employs advanced techniques to bypass security measures and display fake login screens. ngCERT has urged Nigerians to be extra cautious when downloading apps from the Google Play Store, as the malware is delivered through malicious apps disguised as legitimate PDF and QR code readers or cleaner apps. These apps initially behave normally but later download, decrypt, and execute the trojan’s payload.

According to ngCERT, the Anatsa trojan exploits Android’s accessibility services to gain complete control over infected devices. Once installed, the trojan can launch phishing attacks with fake login screens to capture banking credentials, record keystrokes, and intercept payment information. The malware can also remotely interact with the device, performing actions such as clicks, scrolls, and swipes, and it can prevent users from accessing certain apps, including security applications. This level of control allows the attackers to steal sensitive information without the user's knowledge.

ngCERT's advisory highlighted that the trojan has been distributed through various apps on the Google Play Store and has infected over 70,000 devices. The malware establishes a connection with a command and control (C2) server, awaiting instructions from the attacker, which can include stealing data or further manipulating the infected device.