The Nigerian Communications Commission through its Computer Security Incident Response Team has reported a new way hackers use to attack people’s social media accounts.
According to a discovery made by Ukrainian cyber experts, the attack originated from suspected Russian threat actors who compromise victims’ VPN (Virtual Private Network) accounts to access and encrypt networked resources.
The researchers say the attack uses Vidar malware (Vidar Stealer) to steal Telegram session data, which, in the absence of configured two-factor authentication and a passcode, allows unauthorized access to the victim’s Telegram account and corporate account or network.
Based on this, the NCC is advising Telegram users in Nigeria to enable two-factor authentication (2FA) to protect their accounts and to avoid downloading unknown Advanced IP Scanner software.
Vidar Stealer is information-stealing malware distributed mainly through spam mail or cracked versions of commercial software and keygen programs. The malicious application aims to steal banking and crypto wallet information, as well as other login credentials, IP addresses and browsing history.
The Ukrainian Computer Emergency Response Team (CERT) has claimed that the Somnia ransomware was developed specifically for use on Telegram, in an attempt to fool users into downloading an installer that appears to be ‘Advanced IP Scanner’ software but actually includes Vidar malware. The installer installs the Vidar stealer, which then steals the victim’s Telegram session data in order to take over the account.
“The threat actors abuse the victim’s Telegram account in some unspecified manner to steal VPN connection data (authentication and certificates). If the VPN account is not protected by two-factor authentication passcode, the hackers use it to gain unauthorized access to the victim’s employer’s corporate network”, the alert and advisory states.
“Once inside, the intruders conduct reconnaissance work using tools like Netscan, Rclone, Anydesk, and Ngrok, to perform various surveillance and remote access activities, and then deploy a Cobalt Strike beacon, exfiltrating data using the Rclone program,” it added.
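As an added example (not part of the NCC or CERT advisory), the following defender-side check flags hosts where several of the tools named above start within a short period. The log format, host names, window and threshold are constructed assumptions, and matching is on default binary names only.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Tools named in the advisory, keyed by default binary name (assumption:
# binaries are not renamed; a renamed copy needs hash or signer matching).
TOOLS = {"netscan.exe": "Netscan", "rclone.exe": "Rclone",
         "anydesk.exe": "Anydesk", "ngrok.exe": "Ngrok"}
WINDOW = timedelta(hours=24)   # assumed correlation window
THRESHOLD = 3                  # assumed number of distinct tools per host

# Constructed process-creation events: "timestamp host image_path"
SAMPLE_LOG = r"""2024-01-10T09:02:11 WS-017 C:\Users\user1\Downloads\setup.exe
2024-01-10T09:40:03 WS-017 C:\Users\user1\AppData\Local\Temp\netscan.exe
2024-01-10T10:15:47 WS-017 C:\ProgramData\AnyDesk.exe
2024-01-10T10:31:20 WS-017 C:\Users\user1\AppData\Local\Temp\ngrok.exe
2024-01-10T13:05:09 WS-017 C:\Users\user1\AppData\Local\Temp\rclone.exe
2024-01-10T11:00:00 IT-ADMIN-02 C:\Program Files (x86)\AnyDesk\AnyDesk.exe
2024-01-03T02:00:00 SRV-BKP-01 C:\Tools\rclone.exe
2024-01-09T16:20:00 SRV-BKP-01 C:\Tools\ngrok.exe
"""

def parse(log):
    """Yield (timestamp, host, lower-cased executable name) per event."""
    for line in log.splitlines():
        ts, host, image = line.split(" ", 2)   # image path may contain spaces
        yield datetime.fromisoformat(ts), host, image.rsplit("\\", 1)[-1].lower()

def flag_hosts(log, window=WINDOW, threshold=THRESHOLD):
    """Return {host: sorted tool names} for hosts where at least `threshold`
    distinct advisory tools started within one `window`."""
    seen = defaultdict(list)
    for ts, host, exe in sorted(parse(log)):
        if exe in TOOLS:
            seen[host].append((ts, TOOLS[exe]))
    flagged = {}
    for host, events in seen.items():
        for i, (start, _) in enumerate(events):
            tools = {name for ts, name in events[i:] if ts - start <= window}
            if len(tools) >= threshold:
                flagged[host] = sorted(tools)
                break
    return flagged

if __name__ == "__main__":
    print(flag_hosts(SAMPLE_LOG))
```

A single tool on an administrator workstation, or two tools days apart on a backup server, stays below the threshold; it is the combination on one host that matches the sequence the advisory describes.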
The CSIRT is the telecom sector’s cyber security incident centre, set up by the NCC to focus on incidents in the telecom sector as they may affect telecom consumers and citizens at large.
The CSIRT also works collaboratively with ngCERT, established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.