The Computer Emergency Readiness and Response Team unit of the National Information Technology Development Agency (NITDA CERRT) has warned that Nigeria and other developing countries are prime targets of a malicious malware attack ‘MoneyMonger’.
In an advisory released by the unit, it said hackers are taking advantage of money-lending apps to carry out a malware campaign called ‘MoneyMonger’, aimed at blackmailing users into meeting up with certain demands, else they risk having their private information revealed to the public.
According to the advisory, developing countries like Nigeria are prime targets for dodgy loan apps and this has created an avenue for hackers to exploit. Although none of the 33 apps used in the deceptive scheme has been distributed through the Google Play Store, they have been distributed through unofficial app stores, smishing (SMS Phishing), rogue adverts, compromised websites and social media campaigns.
The campaign has reportedly racked up over 100,000 downloads.
Listing the impact of the malware campaign, the advisory elucidated that once the malware is installed, it harvests and uploads a wide range of private information from the victim’s device onto its server. The collected data includes GPS locations, text messages, contacts, call logs, files, photos and audio recordings amongst others. This information is then used to blackmail the victim into paying excessively high-interest rates.
Recommending preventive measures, the advisory advised Nigerians to install up-to-date anti-malware applications on mobile devices, install applications from trusted sources, read reviews before downloading any app, beware of what information the app collects from their device and refrain from clicking on suspicious links.