Malware: If there is anything users of android devices should dread it is Schoolyard Bully malware. The malware is known for stealing of Facebook account credentials.
Recently, it attacked over 300,000 android devices, leaving the victims in disarray and disillusioned. Researchers from mobile security firm, Zimperium, found that several apps that transmit the “Schoolyard Bully” malware, disguise themselves as reading and educational apps with a variety of books and topics for their victims to study.
Following this anomie, the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) issued an advisory reminding users of android devices to only download applications from official sites and application stores.
The NCC-CSIRT advisory also recommended that users double-check each application and uncheck boxes that request extra third-party downloads when installing apps downloaded from the Google Play Store and to use anti-malware applications to routinely scan their devices for malware.
The malicious apps were available on Google Play, yet they have already been taken down. However, they still spread via third-party Android app shops.
The primary objective of the malware, which affects all versions of Facebook Apps for Android, is to steal Facebook account information, including the email address and password, account ID, username, device name, device RAM (Random Access Memory), and device API (Application Programming Interface).
According to NCC-CSIRT, “The (Zimperium) research stated that the malware employs JavaScript injection to steal the Facebook login information. The malware loads a legitimate URL (web address) inside a WebView (a WebView maps website elements that enables user interaction through Android View objects and their extensions) with malicious JavaScript injected to obtain the user’s contact information (phone number, email address, and password), then send it to the command-and-control server”.
Furthermore, the malware uses native libraries to evade detection and analysis by security software and machine learning technologies.
The CSIRT is the telecom sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large
The CSIRT also works collaboratively with Nigerian Computer Emergency Response Team (ngCERT), established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.
Malware, is an abridged word for malicious software. It refers to any intrusive software developed by hackers to steal data and damage computer systems. There are about seven popular malwares known worldwide, including:
Virus: Viruses are malicious software attached to a document or file that supports macros to execute its code and spread from host to host. Once downloaded, the virus will lay dormant until the file is opened and in use. Viruses are designed to disrupt a system’s ability to operate. As a result, viruses can cause significant operational issues and data loss.
Worms: Worms are a malicious software that rapidly replicates and spreads to any device within the network. Unlike viruses, worms do not need host programs to disseminate. A worm infects a device via a downloaded file or a network connection before it multiplies and disperses at an exponential rate. Like viruses, worms can severely disrupt the operations of a device and cause data loss.
Trojans: Trojan viruses are disguised as helpful software programs. But once the user downloads it, the Trojan virus can gain access to sensitive data and then modify, block, or delete the data. This can be extremely harmful to the performance of the device. Unlike normal viruses and worms, Trojan viruses are not designed to self-replicate.
Spyware: Spyware runs secretly on a computer and reports back to a remote user. Rather than simply disrupting a device’s operations, spyware targets sensitive information and can grant remote access to predators. Spyware is often used to steal financial or personal information. A specific type of spyware is a keylogger, which records your keystrokes to reveal passwords and personal information.
Adware: Adware is a malicious software hackers use in collecting data on computers and provide appropriate advertisements to users. While adware is not always dangerous, in some cases adware can cause issues for one’s system. Adware can redirect your browser to unsafe sites, and it can even contain Trojan horses and spyware. Additionally, significant levels of adware can slow down your system noticeably. Because not all adware is malicious, it is important to have protection that constantly and intelligently scans these programs.
Ransomeware: Ransomware is malicious software that gains access to sensitive information within a system, encrypts that information so that the user cannot access it, and then demands a financial payout for the data to be released. Ransomware is commonly part of a phishing scam. By clicking a disguised link, the user downloads the ransomware. The attacker proceeds to encrypt specific information that can only be opened by a mathematical key they know. When the attacker receives payment, the data is unlocked.
Responding appropriately to Malware attacks requires having defenses and antivirus solutions that provide significant visibility and breach detection. In order to remove malware, a user must be able to identify malicious actors quickly. This requires constant network scanning. Once the threat is identified, the user must remove the malware from the system immediately.