Cybercriminals Targeting Federal Government Agencies Through Log4j Vulnerability
  • Alert & Advisory
  • November 28, 2022

Following the publication of advisory NGCERT-2021-0062 on the Apache Log4j Remote Code Execution Vulnerability on the 20th of December 2021, a U.S. Federal Government entity's network was compromised by a suspected Iranian threat actor, according to the Cybersecurity and Infrastructure Security Agency (CISA). This threat actor took advantage of an unpatched VMware Horizon server to insert malware.

Cloud9 Botnet Hijacking Web Browsers and Compromising Windows Operating System
  • Alert & Advisory
  • November 14, 2022

Two Cloud9 malware variants have been discovered in the wild, one of which is a significantly improved version of the other (with added features and bug fixes) that affects web browsers. Cloud9 is a malicious web browser extension that targets a variety of browsers. It can introduce malware into a device and functions similarly to a Remote Access Trojan (RAT), allowing the threat actor to remotely control a device.

Malware-laden Apps Discovered on Google Play Store
  • Alert & Advisory
  • November 4, 2022

The Nigeria Computer Emergency Response Team (ngCERT) has continued to observe and monitor the constant introduction of malicious mobile applications into the Google Play Store. Recently, a group of apps created by 'Mobile Apps Group' was discovered to contain Trojans and adware that are harmful to users and their privacy. Mobile Apps Group has a history of distributing malware-infected apps through the Google Play Store, and the current batch of apps has already been downloaded over a million times.

Unofficial WhatsApp Android app Stealing User’s Accounts
  • Alert & Advisory
  • October 28, 2022

A Triada Trojan was discovered in a version of the YoWhatsApp app (version 2.22.11.75) that was being distributed. YoWhatsApp is an unofficial modification of the world's most popular messenger app, WhatsApp, and its popularity stems from the additional features it offers, such as a customisable interface and chat blocking. Triada is a mobile Trojan that actively uses root privileges to replace system files and employs several clever techniques to remain almost invisible.

Increased Cases of Accounts Takeover in Nigeria
  • Alert & Advisory
  • October 11, 2022

A series of Account Takeover (ATO) incidents has been reported to Nigeria's ngCERT. An ATO attack occurs when cybercriminals gain access to a user's credentials in order to compromise the user's account. This poses numerous risks to the individual and the organization that he or she represents, as it gives cybercriminals a breeding ground for future attacks. Once inside, they frequently change the user credentials, effectively locking the user out.
