*The Nigerian Communications Commission’s Computer Security Incident Response Team, in its alert and advisory, urges consumers to adopt two-factor authentication to protect their Telegram accounts, and not download unknown Advanced IP Scanner Software

Isola Moses | 绿帽献妻

As part of the Commission’s consumer protection measures and in response to the discovery of a new attack compromising victims鈥� VPN (Virtual Private Network) accounts to affect messaging app Telegram, the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has advised users to adopt two-factor authentication to protect their Telegram accounts.

绿帽献妻 reports the telecoms sector regulator urged consumers to not download unknown Advanced IP Scanner Software.

Photo: Twitter Mobile

Mr. Reuben Muoka, Director of Public Affairs at NCC, in a statement explained the Ukrainian cyber experts discovered the attack, which uses Vidar Malware (Vidar Stealer) to steal Telegram session data, which in the absence of configured two-factor authentication and a passcode, allows unauthorised access to the victim’s Telegram account and corporate account or network.

READ ALSO Digital Economy: Pantami Activates Landmark Broadband Projects, Presents Book

The NCC-CSIRT also said the malware, which exploits unauthorised access to users鈥� Telegram accounts and corporate accounts to steal data, targets platforms across iOS, Android, Linux, Mac and Windows Operating Systems (OS).

The advisory stated: 鈥淭he Ukrainian CERT alleged that a Somnia Ransomware was created to be used on Telegram that tricks users to download an installer that mimics ‘Advanced IP Scanner’ software, which contains Vidar Malware.

READ ALSO 5G Networks: NCC Releases Final Information Memorandum For 3.5GHz Spectrum Auction

“The installer infects the system with the Vidar stealer, which steals the victim’s Telegram session data to take control of their account.”

The NCC-CSIRT alert and advisory also said: 鈥淭he threat actors abuse the victim’s Telegram account in some unspecified manner to steal VPN connection data (authentication and certificates).

“If the VPN account is not protected by two-factor authentication passcode, the hackers use it to gain unauthorised access to the victim’s employer’s corporate network.”

RELATED Cybersecurity: NCC-CSIRT Identifies 2 Cyber Vulnerabilities, Offers Measures For Consumer Protection

It further noted: 鈥淥nce inside, the intruders conduct reconnaissance work using tools like Netscan, Rclone, Anydesk, and Ngrok, to perform various surveillance and remote access activities, and then deploy a Cobalt Strike beacon, exfiltrating data using the Rclone program.”

The CSIRT is the telecom sector鈥檚 cybersecurity incidence centre set up by the NCC to focus on incidents in the telecoms sector and as they may affect telecom consumers and citizens at large.

RELATED: Danbatta Restates NCC鈥檚 Commitment To Broadband, Consumer Protection, Digital Economy

The CSIRT also works collaboratively with ngCERT, established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.

Kindly Share This Story