This disclosure was made recently by the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) as they issued the warning informing Nigerians.
Telegram: NCC raises alarm over fresh malware threats that attack victim's VPN
Telegram users across the country have been warned to enable the two-factor authentication security systems on their devices to avoid attacks by malware.
Telegram Arriens/NurPhoto via Getty Images
Recommended articles
![The major issue is the absence of uninterrupted power (Image used for illustrative purpose) [Getty Images]](data:image/svg+xml;charset=utf8,%3Csvg%20xmlns%3D'http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg'%20width%3D'100'%20height%3D'100'%20data-ring-placeholder%3D'1'%3E%3C%2Fsvg%3E "The major issue is the absence of uninterrupted power (Image used for illustrative purpose) [Getty Images]")
The CSIRT is the cyber security incidence center of the Nigerian communications commission with the main focus of checking and following up on incidents in the telecom sector and as they may affect telecom consumers in Nigeria and citizens at large.
The body announced the discovery of a new attack that targets and compromises VPN (Virtual Private Network) in victims’ accounts with the main aim of infiltrating the popular messaging app, Telegram.
“The threat actors abuse the victim’s Telegram account in some unspecified manner to steal VPN connection data (authentication and certificates). If the VPN account is not protected by two-factor authentication passcode, the hackers use it to gain unauthorized access to the victim’s employer’s corporate network”, the alert and advisory states.
ADVERTISEMENT
“Once inside, the intruders conduct reconnaissance work using tools like Netscan, Rclone, Anydesk, and Ngrok, to perform various surveillance and remote access activities, and then deploy a Cobalt Strike beacon, exfiltrating data using the Rclone program,” the report stated.
Telegram users were thus advised by the NCC to enable the two-factor authentication security process to protect their accounts and also, to avoid downloading any unknown Advanced IP Scanner Software.
More information from the NCC-CSIRT concerning the attack revealed it was first discovered by Ukrainian cyber experts noting that the malware uses Vidar Malware (Vidar Stealer) to steal Telegram session data.
These attacks become operational when users fail to enable the two-factor security authentication or use a passcode, thus giving grounds for a victim’s personal or corporate Telegram account or network to be accessed illegally.
All devices across iOS, Android, Linux, Mac and Windows Operating Systems are subject to attack from the malware.
JOIN OUR PULSE COMMUNITY!
ADVERTISEMENT
Eyewitness? Submit your stories now via social or:
Email: eyewitness@pulse.ng
Recommended articles
Dangote Refinery is bigger than these top 10 European refineries
How to Market Your Business Online in Nigeria: A guide for entrepreneurs
China dethrones USA as the most influential global power in Africa: Report
ByteDance prefers to shut down TikTok in US instead of selling it to American buyer
Veritasi Homes PLC paves way for fractional ownership with Assetize
MTN Nigeria introduces meetings+ video conferencing platform for SMEs
FG reclaims ₦57 billion out of ₦5.2 trillion liabilities owed by govt agencies
Music Business Academy for Africa wraps up successful 2023/2024 programme
Medic West Africa: Fostering collaboration, innovation for better healthcare
ADVERTISEMENT
![Dollar and Naira [THISDAYLIVE]](data:image/svg+xml;charset=utf8,%3Csvg%20xmlns%3D'http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg'%20width%3D'300'%20height%3D'172'%20data-ring-placeholder%3D'1'%3E%3C%2Fsvg%3E "Dollar and Naira [THISDAYLIVE]")