This disclosure was made recently by the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) as they issued the warning informing Nigerians.
Telegram: NCC raises alarm over fresh malware threats that attack victim's VPN
Telegram users across the country have been warned to enable the two-factor authentication security systems on their devices to avoid attacks by malware.
Recommended articles
The CSIRT is the cyber security incidence center of the Nigerian communications commission with the main focus of checking and following up on incidents in the telecom sector and as they may affect telecom consumers in Nigeria and citizens at large.
The body announced the discovery of a new attack that targets and compromises VPN (Virtual Private Network) in victims’ accounts with the main aim of infiltrating the popular messaging app, Telegram.
“The threat actors abuse the victim’s Telegram account in some unspecified manner to steal VPN connection data (authentication and certificates). If the VPN account is not protected by two-factor authentication passcode, the hackers use it to gain unauthorized access to the victim’s employer’s corporate network”, the alert and advisory states.
“Once inside, the intruders conduct reconnaissance work using tools like Netscan, Rclone, Anydesk, and Ngrok, to perform various surveillance and remote access activities, and then deploy a Cobalt Strike beacon, exfiltrating data using the Rclone program,” the report stated.
Telegram users were thus advised by the NCC to enable the two-factor authentication security process to protect their accounts and also, to avoid downloading any unknown Advanced IP Scanner Software.
More information from the NCC-CSIRT concerning the attack revealed it was first discovered by Ukrainian cyber experts noting that the malware uses Vidar Malware (Vidar Stealer) to steal Telegram session data.
These attacks become operational when users fail to enable the two-factor security authentication or use a passcode, thus giving grounds for a victim’s personal or corporate Telegram account or network to be accessed illegally.
All devices across iOS, Android, Linux, Mac and Windows Operating Systems are subject to attack from the malware.
JOIN OUR PULSE COMMUNITY!
Eyewitness? Submit your stories now via social or:
Email: eyewitness@pulse.ng