TINYBANKER “TINBA” MALWARE INFILTRATION
  • Alert & Advisory
  • January 30, 2025

ngCERT has observed the resurgence of Tinybanker malware, also known as “Tinba” or “Zusy”, a sophisticated malware designed to steal sensitive banking information. This Trojan has been used to attack a large number of popular banking websites around the world. Threat actors infiltrate systems primarily through phishing attacks, malicious downloads, and compromised websites. Once inside, the malware can capture sensitive data, including login credentials and keystrokes, and allow attackers to gain unauthorized access to users' online banking accounts without their knowledge, using techniques such as Man-in-the-Browser (MITB) attacks, JavaScript injection, keylogging, and packet sniffing. Tinybanker is the smallest known trojan at 20KB, which makes it much harder to detect. With its source code published online, new iterations of the malware continue to emerge, which is why it is considered a very destructive malware strain. Individuals and organizations are advise

SPREAD OF NYMAIM MALWARE INFECTION
  • Alert & Advisory
  • January 30, 2025

ngCERT has observed widespread Nymaim malware infections across Nigerian cyberspace. The malware, originally designed as a ransomware loader, has become a multi-functional threat capable of delivering a variety of malicious payloads, such as banking Trojans, ransomware, and remote access tools (RATs). Known for its stealthy and modular design, Nymaim uses advanced techniques to evade detection and maintain persistence on infected systems. By leveraging social engineering, advanced obfuscation, and modularity, Nymaim poses a significant threat to individuals and organizations. Defending against such threats requires a multi-layered approach, including regular software updates, user awareness, and advanced threat detection tools. As Nymaim continues to evolve, staying vigilant and proactive is essential to mitigate its impact.

ATTACKERS DISTRIBUTING A NEW MALWARE STRAIN “PLAYFULGHOST” USING POPULAR AND LEGIT VPN APPS
  • Alert & Advisory
  • January 16, 2025

ngCERT is aware of an ongoing distribution of a new malware strain dubbed Playfulghost. The malware has been identified as a backdoor that enables attackers to remotely carry out a range of activities once a device is infected. Its capabilities include keylogging, screen capture, audio capture, remote shell, and file transfer/execution features. According to Google's Managed Defense team, the attackers are leveraging popular VPN applications as a delivery mechanism, embedding the malware payload within legitimate applications, and distributing it through Search Engine Optimization (SEO) poisoning and phishing campaigns. The malware poses significant risks, including system takeover, data theft, financial losses, and potential ransomware attacks. ngCERT strongly advises individuals and organizations to take immediate steps to secure their systems and data from this emerging threat.

INCREASE IN PHISHING CAMPAIGNS WITHIN THE NIGERIAN CYBERSPACE
  • Alert & Advisory
  • January 15, 2025

ngCERT’s attention has been drawn to increased phishing campaigns within Nigeria's cyber ecosystem. These campaigns involve spreading fraudulent, deceptive calls or messages aimed at stealing Personally Identifiable Information (PII) and bank account details of unsuspecting individuals. These phishing messages are usually spread through emails, SMS, WhatsApp, and other social media platforms, mimicking reputable organizations. Successful phishing attacks could result in financial losses, identity theft, and possibly reputational damage, among other negative impacts. In this regard, the general public should be mindful of various forms of phishing attacks, particularly during the Yuletide season, while taking proactive steps to stay safe.

VULNERABILITY IN VERSA DIRECTOR SERVERS
  • Alert & Advisory
  • November 27, 2024

ngCERT is aware of a critical zero-day vulnerability affecting all Versa Director servers, a widely used network management platform. The vulnerability is associated with Advanced Persistent Threat (APT) activity linked to the Volt Typhoon Hacking Group (VTHG). It enables unauthorized users with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to potentially upload malicious files, which could lead to privilege escalation and remote code execution. Exposed management ports leave individuals and organizations vulnerable to unauthorized access, data breaches, and network attacks. This can result in significant loss of sensitive information, financial damage, and compromised system integrity. Individuals and organizations using Versa Director software should promptly take steps to mitigate this exploitation.
