Connect with us

Hi, what are you looking for?


Fast Cleaner App Is Stealing Your Bank Details – NCC Alerts Nigerians

Fast Cleaner App Is Stealing Your Bank Details - NCC Alerts Nigerians
Nigerian Communications Commission (NCC) has alerted the public of a malicious app called ”Fast Cleaner” which claims to be a phone booster and battery saver, saying its main target is to steal users’ banking details on Android devices.

Gatekeepers News reports that the NCC Director of Public Affairs, Ikechukwu Adinde issued the warning in a statement published on the commission’s website on Saturday.

Adinde said the NCC Computer Security Incident Response Team (CSIRT) discovered the Fast Cleaner app contains malware named ‘Xenomorph’.

He explained that the application’s main operation is to steal credentials, combined with the use of SMS and notification interception to log in and use potential two-factor authentication tokens.

“Xenomorph is propagated by an application that was slipped into Google Play store and masquerading as a legitimate application called ‘Fast Cleaner’ ostensibly meant to clear junk, increase device speed and optimize the battery. In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently.

“To avoid early detection or being denied access to the PlayStore, ‘Fast Cleaner’ was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions.

“Once up and running on a victim’s device, Xenomorph can harvest device information and Short Messaging Service (SMS), intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it. The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.

“The CSIRT said the malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones.

“Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them,” the statement reads.

Adinde quoted a security advisory from the NCC CSIRT, as saying the malware has a high impact and high vulnerability rate.

“Xenomorph has been found to target 56 internet banking apps, 28 from Spain, 12 from Italy, 9 from Belgium, and 7 from Portugal, as well as Cryptocurrency wallets and general-purpose applications like emailing services,” the statement adds.

“The Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads.”

The NCC urged telecom consumers to use trusted antivirus solutions and update them regularly to their latest definitions.

The commission also asked consumers and other stakeholders to always update banking applications to their most recent versions.

You May Also Like