The Nigerian Communications Commission (NCC), through its Computer Security Incident Response Team (CSIRT), has advised Nigerians using Samsung phones to update the Galaxy Store application immediately to avoid cyberattacks.
The heads-up is due to the discovery of multiple vulnerabilities in the Samsung Galaxy App Store application, which can result in unwanted app installations and code execution.
The NCC-CSIRT revealed that Ken Gannon, a cybersecurity researcher from NCC Group, detected the infiltration in the Galaxy App Store application on Samsung devices that are running Android 12 and older.
As the NCC-CSIRT warned that cybercriminals are continuously devising new means of compromising their targets, they explained;
“We advise phone and computer users advised users not open files from people they do not know, not to click ‘OK’ and immediately exit the application if they receive a warning that opening an attachment or link can damage their computer or files and to promptly share an unknown email they believe to be genuine with a security or Windows administrator to assist in determining whether the file is secure.”
Read More; NCC warns against participating in viral TikTok challenge
What is NCC-CSIRT saying about the cyberattacks?
The NCC-CSIRT aims to raise awareness about cybersecurity and provide the public with general knowledge and tools required for online safety; it has informed Samsung users to update the Galaxy Store application and users should refrain from giving out their sensitive details on any untrusted platforms.
The CSIRT explained that although some of the 450,000 malicious apps have been removed, others are still quite active on the store.
Some active malicious apps are games or investment services designed to infiltrate sensitive user information. They include; Golden Hunt, Reflector, Seven Golden Wolf Blackjack, Unlimited Score, Big Decisions, Jewel Sea, Lux Fruits Game, Lucky Clover, King Blitz, and Lucky.
In addition to the above instructions, the team reported that the cybersecurity analysts at ASEC (South Korea’s cybersecurity emergency response centre) have also unearthed NetSupport RAT malware being dispersed by threat actors from a hacking website under the disguise of a popular Pokemon card game.
- The malware is a remote access tool that easily controls its victims’ Personal Computers. It may allow the attackers to remotely control the compromised computer’s mouse and keyboard, access the system’s file management and history and even execute commands allowing them to install additional malware.
- According to the researcher, the CRAFTED website that spread the malware is still online. It claims to be home to a new NFT card game built around the Pokemon franchise, offering users strategic fun together with NFT investment profits.
The analysts elucidated how users can be stripped of sensitive information. After the installation and opening of the app, a remote server will automatically be notified and synced on the instructions on what to do next. These instructions will include hacking into pages that will be displayed to unsuspecting users to strip them of their sensitive information.
Read More; NCC Announces Publication of Final Information Memorandum on 3.5GHz Spectrum Auction