A wave of sophisticated cyberattacks through a malware campaign dubbed Tria Stealer is targeting Android devices, according to the Nigerian Computer Emergency Response Team (ngCERT).
According to ngCERT, Tria Stealer is being spread via fake wedding or event invitations shared through messaging platforms like WhatsApp and Telegram.
“The malware is also capable of intercepting OTPs to hijack user accounts; impersonating victims to request fraudulent money transfers; gaining access to financial and banking apps; stealing login credentials for identity theft; and installing additional malicious payloads without user consent,” it said in an advisory.
This malicious software is described as highly evasive and is being used to hijack WhatsApp and Telegram accounts, intercept One-Time Passwords (OTPs), and steal sensitive personal and financial data.
ngCERT noted that both individuals and organisations are at risk of falling victim to this malware, especially those who frequently use mobile messaging platforms for personal or business communication.
Unsuspecting users are lured into downloading an infected Android Package Kit (APK) file, which, once installed, disguises itself as a legitimate system app to bypass detection.
How Tria Stealer works
When Tria Stealer is active on a device, it requests access to critical phone functions, which include SMS, call logs, and app notifications, and starts to harvest data.
It further transmits the information obtained to a Command and Control (C2) server operated via Telegram bots.
The malware uses encryption and obfuscation techniques to remain hidden from antivirus software, and it automatically reactivates whenever the device is restarted, ensuring it maintains control over the system.
Here is how to stay safe from the malware
ngCERT has advised individuals to only download apps from trusted sources, such as the Google Play Store, and to avoid clicking on unsolicited event invitations or app installation requests, even from known contacts.
Users should also enable two-factor authentication (2FA) on all messaging and banking apps, install and regularly update mobile antivirus software, and limit app permissions, especially for apps not from official stores.
Organisations can launch employee awareness campaigns around the dangers of APK-based malware.
These campaigns should emphasise the risks of clicking links in messaging apps, even if they appear to come from colleagues or friends. Organisations should also deploy mobile threat detection software for key personnel and executives.
Organisations can use Mobile Device Management (MDM) tools to enforce security policies on corporate devices and monitor network traffic for suspicious connections to known malware control servers.
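As an added illustration (not part of the ngCERT advisory), here is one way a security team could triage an exported app inventory for the behaviour described above: an app installed from outside an official store that combines SMS, call-log and notification access with restart persistence. The inventory format, the package names and the mapping from the advisory's behaviours to specific Android permissions are assumptions made for this example, and a match is a prompt for review rather than proof of infection.

```python
# Added example: flag sideloaded apps whose access matches the advisory's description.
# Inventory layout and package names are constructed; adapt to your MDM export.
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store installer package

# Assumed mapping from the behaviours in the advisory to Android permissions.
PERMISSION_GROUPS = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "call_log": {"android.permission.READ_CALL_LOG"},
    "boot_persistence": {"android.permission.RECEIVE_BOOT_COMPLETED"},
}

def behaviours(app):
    """Return the set of advisory behaviours this app has access to."""
    perms = set(app.get("permissions", []))
    found = {name for name, wanted in PERMISSION_GROUPS.items() if perms & wanted}
    # Notification access is granted per app in settings, so the inventory
    # records it as a flag rather than as a requested permission.
    if app.get("notification_listener"):
        found.add("notifications")
    return found

def triage(inventory, min_behaviours=3):
    """Return [(package, sorted behaviours)] for untrusted-source apps to review."""
    findings = []
    for app in inventory:
        if app.get("installer") in TRUSTED_INSTALLERS:
            continue  # the advisory's concern is apps from outside official stores
        matched = sorted(behaviours(app))
        if len(matched) >= min_behaviours:
            findings.append((app["package"], matched))
    return findings

SAMPLE_INVENTORY = [  # constructed sample data
    {"package": "com.example.invitation", "installer": None,
     "notification_listener": True,
     "permissions": ["android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
                     "android.permission.READ_CALL_LOG",
                     "android.permission.RECEIVE_BOOT_COMPLETED"]},
    {"package": "com.example.messenger", "installer": "com.android.vending",
     "notification_listener": True,
     "permissions": ["android.permission.READ_SMS", "android.permission.READ_CALL_LOG",
                     "android.permission.RECEIVE_BOOT_COMPLETED"]},
    {"package": "com.example.flashlight", "installer": None,
     "permissions": ["android.permission.CAMERA",
                     "android.permission.RECEIVE_BOOT_COMPLETED"]},
]

if __name__ == "__main__":
    for package, matched in triage(SAMPLE_INVENTORY):
        print(f"review {package}: {', '.join(matched)}")
```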