Critical Wi-Fi Driver Vulnerability in Microsoft Windows
  • Alert & Advisory
  • June 21, 2024

ngCERT is issuing an urgent security advisory regarding a critical vulnerability in Microsoft Windows Wi-Fi drivers, designated CVE-2024-30078. This severe Remote Code Execution (RCE) flaw affects all current Microsoft Windows versions, with particular emphasis on Windows 10 and 11. An attacker, without requiring authentication, can exploit this vulnerability by transmitting a malicious network message to a vulnerable Wi-Fi driver, leading to arbitrary code execution on the target system. This may result in unauthorized malware installation, complete system compromise, and the potential theft or manipulation of sensitive information. Users are strongly advised to apply the latest security updates from Microsoft, which address this critical issue.

ANDROMEDA MALWARE INFILTRATION DISCOVERED
  • Alert & Advisory
  • June 6, 2024

ngCERT is aware of the resurgence of Andromeda malware, also known as Gamarue, Wauchos, and Andromeda Stealer, a dangerous Trojan horse with multiple malicious capabilities. This malware has been used by threat actors to create a network of infected computers, known as the Andromeda Botnet, which can be used to launch further attacks by distributing other malware such as ransomware, banking Trojans, Distributed Denial of Service (DDoS) tools, spam bots and backdoors. Despite the takedown of the Andromeda botnet by US and European law enforcement agencies in 2017, new variants have been detected infecting systems worldwide, including in Nigeria. ngCERT advises individuals and organisations to take immediate steps to protect their systems and data from Andromeda and other malware threats.

GRANDOREIRO BANKING TROJAN TARGETS OVER 41 BANKING APPS IN NIGERIA
  • Alert & Advisory
  • May 27, 2024

Grandoreiro, a multi-component banking trojan that runs as Malware-as-a-Service (MaaS), is targeting more than 1,500 banks globally. According to reports, the malware has infected banking applications and websites in more than 60 countries across Central and South America, Africa, Europe, and the Indo-Pacific. Investigation further revealed that the malware has infected more than 41 banking applications in Nigeria. The new version includes significant changes such as string decryption and DGA calculation, allowing at least 12 different C2 domains per day. Grandoreiro's attack chain includes harvesting email addresses from affected hosts and delivering further phishing attempts through the Microsoft Outlook client. Cybercriminals could use the software to gather sensitive financial data, potentially resulting in financial losses. This underscores the need for network and system administrators, as well as device users, to put safeguards in place to prevent likely attacks.

Self-Spreading PlugX USB Drive Malware Infecting Systems Worldwide
  • Alert & Advisory
  • May 20, 2024

Security investigations revealed that a self-propagating USB malware released in 2020 is still active and spreading across systems worldwide through infected USB drives. Monitoring of the PlugX worm variant revealed that about 2.5 million IP addresses were infected in over 170 countries, including Nigeria, and that over 100,000 unique IPs still send daily requests to the sinkhole, indicating that the botnet remains active. It is worth noting that 15 of the 170 affected countries, Nigeria included, account for 80% of the infections recorded.

Brokewell Malware Targeting Android Banking Applications
  • Alert & Advisory
  • May 14, 2024

A new and evolving malware family that targets mobile banking apps on Android smartphones has been discovered. The Android trojan, dubbed Brokewell, is a typical modern banking malware with both data-stealing and remote-control capabilities built in. Brokewell supports device takeover, remote control, data exfiltration and monitoring. Furthermore, the malware is able to bypass Android 13, 14, and 15 restrictions, and it relies on phishing tactics such as fake browser updates to trick targets into downloading and installing a version of the malware.
