The Nigeria Computer Emergency Response Team (ngCERT) has raised alarms over a new wave of advanced cyberattacks targeting Android mobile phones through a malware campaign dubbed Tria Stealer.

The malicious software is designed to infiltrate Android devices, hijack messaging accounts, intercept One-Time Passwords (OTPs), and steal sensitive personal and financial data.

How Tria Stealer virus works

According to ngCERT, Tria Stealer spreads primarily through deceptive tactics, such as fake event invitations distributed via popular messaging platforms like WhatsApp and Telegram.

Unsuspecting users are enticed to download an infected Android Package Kit (APK) file, often disguised as a harmless system application, to evade detection.

Once installed, Tria Stealer requests extensive permissions, including access to SMS, call logs, and app notifications.

It immediately commences data harvesting activities, sending stolen information to a Command and Control (C2) server operated via Telegram bots.

The malware's capabilities include:

Intercepting OTPs to facilitate bank account hijacking

Initiating fraudulent money transfers using victim identities

Accessing financial and banking applications

Stealing login credentials for identity theft

Installing additional malicious payloads without user consent

How sophisticated is Tria Stealer

ngCERT noted that Tria Stealer employs advanced encryption and obfuscation techniques to evade detection by antivirus tools.

It autonomously reactivates upon device restart, ensuring persistent control over infected systems.
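A triage check for the behaviour described above (SMS, call-log and notification access combined with reactivation on restart), as an added example that is not from ngCERT or the original article. It assumes the APK's manifest has already been decoded to text XML; the two sample manifests and their package names are constructed, and the mapping of behaviours to Android permissions is this example's own.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping from the advisory's described behaviours to Android permissions.
RISK_GROUPS = {
    "sms": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "call_log": {"android.permission.READ_CALL_LOG"},
    "boot_persistence": {"android.permission.RECEIVE_BOOT_COMPLETED"},
    "install_packages": {"android.permission.REQUEST_INSTALL_PACKAGES"},
}
NOTIFICATION_BIND = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

# Constructed sample manifests (not taken from any real application).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.invite">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <service android:name=".Listener"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
</manifest>"""


def triage_manifest(manifest_xml: str) -> dict:
    """Report which risk groups a decoded AndroidManifest.xml matches."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    hits = {name for name, perms in RISK_GROUPS.items() if perms & requested}
    # A notification listener is declared as a <service> guarded by the bind permission.
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") == NOTIFICATION_BIND:
            hits.add("notifications")
    # Flag only the combination: message interception plus restart persistence.
    intercept = hits & {"sms", "notifications"}
    flagged = bool(intercept) and "boot_persistence" in hits
    return {"package": root.get("package"), "hits": sorted(hits), "flagged": flagged}


if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage_manifest(sample))
```

Legitimate messaging apps request some of the same permissions, so a match is a reason for review rather than a verdict.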

The agency also warned that both individual users and organisations are at significant risk from Tria Stealer, particularly those reliant on mobile messaging platforms for personal or business communications.

The malware's ability to impersonate trusted contacts increases the likelihood of successful infections even among cautious users.

How to prevent falling victim to Tria Stealer

Compromise of Android systems by the Tria Stealer malware could lead to the following:

Account takeover of messaging platforms

Impersonation of victims to request fraudulent money transfers

Compromise of banking and financial applications

Identity theft and credential harvesting

To protect accounts, individuals should:

Download apps only from trusted sources, such as the Google Play Store.

Be cautious of messages requesting app installations.

Use two-factor authentication (2FA) wherever possible to secure accounts.

Install, use, and regularly update mobile antivirus tools.

Organisations should:

Conduct awareness campaigns on the risks of suspicious app installation requests.

Emphasise the dangers of clicking on links received via messaging platforms.

Deploy mobile threat detection solutions for key personnel.

Implement Mobile Device Management (MDM) policies.

Monitor network traffic for suspicious outbound connections to known Command and Control (C2) domains.

NCC warns Nigerians on 5 Google Chrome

Earlier, Legit.ng reported that the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has identified five malicious Google Chrome Extensions.

According to the commission, the extensions surreptitiously track online browser activities and steal users' data.

Others are Full Page Screenshot Capture, Screenshotting, FlipShope Price Tracker Extension, and AutoBuy Flash Sales.

