ANDROMEDA MALWARE INFILTRATION DISCOVERED
  • Alert & Advisory
  • June 6, 2024

ngCERT is aware of the resurgence of Andromeda malware, also known as Gamarue, Wauchos, and Andromeda Stealer, a dangerous Trojan horse with multiple malicious capabilities. Threat actors have used this malware to build a network of infected computers, known as the Andromeda botnet, which can be used to launch further attacks by distributing other malware such as ransomware, banking Trojans, Distributed Denial of Service (DDoS) tools, spam bots and backdoors. Despite the takedown of the Andromeda botnet by US and European law enforcement agencies in 2017, new variants have been detected infecting systems worldwide, including in Nigeria. ngCERT advises individuals and organisations to take immediate steps to protect their systems and data from Andromeda and other malware threats.

GRANDOREIRO BANKING TROJAN TARGETS OVER 41 BANKING APPS IN NIGERIA
  • Alert & Advisory
  • May 27, 2024

Grandoreiro, a multi-component banking trojan operated as Malware-as-a-Service (MaaS), is targeting more than 1,500 banks globally. According to reports, the malware has infected banking applications and websites in more than 60 countries across Central and South America, Africa, Europe, and the Indo-Pacific. Investigation further revealed that the malware has infected more than 41 banking applications in Nigeria. The new version includes significant changes such as string decryption and DGA calculation, allowing at least 12 different C2 domains per day. Grandoreiro's attack chain includes harvesting email addresses from affected hosts and delivering further phishing attempts through the Microsoft Outlook client. Cybercriminals could use the software to gather sensitive financial data, potentially resulting in financial losses. This underscores the need for network and system administrators, as well as device users, to put safeguards in place to prevent likely attacks.

Self-Spreading PlugX USB Drive Malware Infecting Systems Worldwide.
  • Alert & Advisory
  • May 20, 2024

Security investigations revealed that a self-propagating USB malware released in 2020 is still active and spreading across systems worldwide through infected USB drives. Monitoring of the PlugX worm variant revealed that about 2.5 million IP addresses were infected in over 170 countries, including Nigeria, and that over 100,000 unique IPs still send daily requests to the sinkhole, indicating that the botnet remains active. It is worth noting that 15 of the 170 affected countries, Nigeria included, account for 80% of the infections recorded.

Brokewell Malware Targeting Android Banking Applications
  • Alert & Advisory
  • May 14, 2024

A new, evolving malware family that targets mobile banking apps on Android smartphones has been discovered. The Android trojan dubbed Brokewell is a typical modern banking malware, with both data-stealing and remote-control capabilities built in. Brokewell is capable of device takeover, remote control, data exfiltration and monitoring. Furthermore, the malware is able to bypass Android 13, 14, and 15 restrictions, and it uses phishing tactics such as fake browser updates to trick targets into downloading and installing the malware.

OS Command Injection Vulnerability in GlobalProtect
  • Alert & Advisory
  • April 25, 2024

Security researchers identified zero-day exploitation of a vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS. The vulnerability allows a threat actor to remotely exploit the firewall device, create a reverse shell, and download further tools onto the device. The attacker focused on exporting configuration data from the devices and then leveraging it as an entry point to move laterally within the victim organisations. Accordingly, users of Palo Alto products in Nigeria are advised to upgrade their products to the latest versions as recommended.
