Hackers have devised a new method to take control of people’s social media messaging apps, the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has revealed.
According to NCC-CSIRT, the discovery affects the virtual private network (VPN), which in turn compromises the messaging application.
Meanwhile, CSIRT has warned app users not to underestimate two-factor authentication as protection for their Telegram accounts, and not to download Advanced IP Scanner software.
Using the Telegram app as a case study, a cyber expert from Ukraine dissected the method the hackers used to carry out the attack.
Ukrainian cyber experts discovered the attack, which uses Vidar malware (Vidar Stealer) to steal Telegram session data. In the absence of configured two-factor authentication and a password, this data allows unauthorized access to the victim’s Telegram account and company account or network.
The malware, which exploits unauthorized access to users’ Telegram accounts and corporate accounts to steal data, targets platforms on iOS, Android, Linux, Mac and Windows operating systems.
“The Ukrainian CERT has alleged that a Somnia Ransomware has been created for use on Telegram that tricks users into downloading an installer that mimics ‘Advanced IP Scanner’ software, which contains Vidar Malware. The installer infects the system with the Vidar stealer, which steals the victim’s Telegram session data to take control of their account.
“Threat actors abuse the victim’s Telegram account in an unspecified way to steal VPN connection data (authentication and certificates). If the VPN account is not protected with a two-factor authentication code, hackers use it to gain unauthorized access to the victim’s employer’s corporate network,” the alert and notice reads.
“Once inside, the intruders perform reconnaissance using tools such as Netscan, Rclone, Anydesk, and Ngrok to perform various monitoring and remote access activities, then deploy a Cobalt Strike beacon, exfiltrating the data using the Rclone program,” the report said.
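A defender-side use of the tool list in the alert, as an added example that is not part of the NCC-CSIRT or Ukrainian CERT notice: each of these tools also has legitimate uses, so the code flags a host only when several of them start within a short period. The executable file names, the 24-hour window, the threshold of two and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Tool names come from the alert; the executable file names are assumptions.
TOOL_IMAGES = {"netscan.exe": "Netscan", "rclone.exe": "Rclone",
               "anydesk.exe": "Anydesk", "ngrok.exe": "Ngrok"}
WINDOW = timedelta(hours=24)  # assumed correlation window
MIN_DISTINCT = 2              # assumed threshold: one tool alone is often legitimate

# Constructed sample process-start events: (ISO timestamp, host, image path).
SAMPLE_EVENTS = [
    ("2024-01-15T09:02:11", "ws-017", r"C:\Users\a\Downloads\netscan.exe"),
    ("2024-01-15T09:40:03", "ws-017", r"C:\ProgramData\ngrok.exe"),
    ("2024-01-15T11:15:47", "ws-017", r"C:\ProgramData\Rclone.exe"),
    ("2024-01-15T10:00:00", "ws-101", r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe"),
    ("2024-01-11T08:00:00", "ws-204", r"C:\Tools\rclone.exe"),
    ("2024-01-15T08:00:00", "ws-204", r"C:\Tools\anydesk.exe"),
    ("2024-01-15T08:05:00", "ws-204", r"C:\Windows\System32\cmd.exe"),
]

def tool_of(image_path):
    """Map a process image path to a tool name from the alert, or None."""
    name = image_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return TOOL_IMAGES.get(name)

def correlate(events, window=WINDOW, min_distinct=MIN_DISTINCT):
    """Return {host: sorted tool names} for hosts where at least min_distinct
    different listed tools started within one window."""
    per_host = defaultdict(list)
    for ts, host, image in events:
        tool = tool_of(image)
        if tool:
            per_host[host].append((datetime.fromisoformat(ts), tool))
    flagged = {}
    for host, hits in per_host.items():
        hits.sort()
        best = set()
        for i, (start, _) in enumerate(hits):
            # Distinct tools seen from this event up to one window later.
            seen = {tool for t, tool in hits[i:] if t - start <= window}
            if len(seen) > len(best):
                best = seen
        if len(best) >= min_distinct:
            flagged[host] = sorted(best)
    return flagged

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

Matching on file name alone misses renamed binaries, so treat a hit as a lead for triage and pair it with other process metadata your logging provides.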
The CSIRT is the telecommunications sector cybersecurity incident center established by the NCC to focus on incidents in the telecommunications sector and on how they may affect telecommunications consumers and citizens in general.
CSIRT also works in conjunction with ngCERT, established by the Federal Government to reduce the volume of future cyber risk incidents by preparing, protecting and securing Nigerian cyberspace to prevent attacks and related issues or events.
The Nigerian Communications Commission (NCC) is the independent regulator of the telecommunications industry in Nigeria. The NCC was established under Executive Order Number 75 by the Federal Military Government of Nigeria on November 24, 1992.