ngCERT has identified a malware tagged Necurs, a family of malware with rootkit capabilities that was used to form one of the world’s largest criminal botnets. Necurs has both a user-mode and a kernel-mode component, used to access systems at the root level and dynamically load additional modules. It is distributed via exploit kits as well as through other malware such as the Zeus Trojan, and has been used to deliver the Dridex trojan and Locky malware through spam campaigns. Enforcing a strong password policy and implementing regular password changes, as well as enabling a personal firewall on workstations, could mitigate the effects of Necurs malware.
ngCERT is aware of the discovery of “Cobalt Strike Beacon” malware in Nigerian cyberspace. Cobalt Strike Beacon is the central payload of the commercial Cobalt Strike red-team framework, originally designed for penetration testing but increasingly abused by threat actors. The Beacon is a versatile and stealthy implant that provides attackers with command-and-control (C2) capabilities, post-exploitation tools, and the ability to persist in target networks. Its modularity, encryption features, and ability to mimic legitimate traffic make it one of the most commonly observed payloads in advanced cyber intrusions. While a legitimate security tool, Cobalt Strike has been weaponized by ransomware operators, state-backed advanced persistent threats (APTs), and financially motivated cybercriminals. Its widespread misuse has made it a critical security concern for governments, enterprises, and research institutions worldwide.
ngCERT is aware of a persistent “AdLoad” malware that infiltrates macOS through deceptive installers and bypasses Apple’s native security protections. Once installed, it hijacks browsers, injects unwanted advertisements, and collects user data, while embedding itself deeply via launch agents, login items, and configuration profiles to maintain persistence. Detecting AdLoad can be challenging due to its stealthy nature and its use of legitimate system mechanisms. Manual detection involves inspecting login items, system profiles, and startup agents, but these methods may miss advanced variants. Proactive monitoring, regular audits, and user education are essential to mitigate risk and protect system integrity. The malware exemplifies the increasing sophistication of macOS threats, making layered defense and timely detection critical to maintaining secure computing environments.
ngCERT has identified malware tagged android.badbox2. The malware, also known as BadBox 2.0, is a large-scale Android malware supply chain threat involving the pre-infection of consumer devices. The malware is embedded into the system firmware before the device reaches consumers, making it resistant to removal. Low-cost Android devices built on the Android Open Source Project (AOSP), such as Android tablets, connected TV (CTV) devices, digital photo frames, and phones, are often targeted. This malware enables activities such as remote code execution, account abuse, and ad fraud. Organisations and individuals are advised to stay vigilant and prioritise device hygiene to mitigate Android.BadBox2 risks.
ngCERT is aware of a critical vulnerability referred to as the Directory Traversal vulnerability. Directory Traversal, also known as Path Traversal or directory climbing, is a web application server flaw that enables attackers to gain unauthorized access to files and directories on a server by manipulating file paths. This flaw arises from weak input validation, which allows attackers to navigate outside the designated directory structure. The severity of the impact can vary; however, it often results in significant consequences such as data breaches or unauthorised system access. Following best practices such as regular vulnerability testing, code audits, and implementing access control is essential for preventing exploitation.
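The input-validation weakness the advisory describes, shown as an added example that is not part of the advisory: the unchecked join that lets a request value climb out of the served directory, beside a containment check on the canonical path. The base directory, the file names and the percent-encoded request value are constructed for the example.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Constructed base directory for the example; it need not exist on disk,
# because realpath() normalises missing components lexically.
BASE_DIR = "/srv/app/public"


def unsafe_path(base: str, user_path: str) -> str:
    """The weak pattern: the request value is joined to the base directory
    with no validation, so '../' sequences climb out of it, and an absolute
    request value makes os.path.join() discard the base entirely."""
    return os.path.normpath(os.path.join(base, user_path))


def safe_path(base: str, user_path: str) -> Optional[str]:
    """Resolve user_path under base and return the canonical absolute path,
    or None when the resolved location is not inside base."""
    # Decode once so percent-encoded dots and separators are judged in
    # decoded form (a framework that already decoded the value is unaffected).
    decoded = unquote(user_path)
    # Absolute request values are rejected outright: join() would replace base.
    if os.path.isabs(decoded):
        return None
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, decoded))
    # Containment is checked on the canonical forms (symlinks and '..' already
    # resolved). commonpath() compares whole components, so a sibling such as
    # /srv/app/public_old is rejected even though its prefix matches as a string.
    if os.path.commonpath([base_real, candidate]) != base_real:
        return None
    return candidate


def check_request(user_path: str) -> str:
    """Return 'allow:<canonical path>' or 'deny' for one requested file name."""
    resolved = safe_path(BASE_DIR, user_path)
    return f"allow:{resolved}" if resolved else "deny"


if __name__ == "__main__":
    for p in ["reports/q1.pdf", "../../etc/passwd",
              "..%2F..%2Fetc%2Fpasswd", "/etc/passwd", "../public_old/x.txt"]:
        print(f"{p!r:28} unchecked={unsafe_path(BASE_DIR, p)!r:36} {check_request(p)}")
```

Canonicalise first and compare components, not string prefixes; a check that looks for the literal substring "../" in the raw request misses encoded and absolute-path variants.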