Advisory ID: NCC-CSIRT-0222-0005
Summary: Xenomorph is a newly hatched piece of malicious software that steals users' banking app login credentials and has been found to target 56 financial institutions from Europe. It was named "Xenomorph" by researchers at ThreatFabric because of the similarities in its code to that of the notorious banking Trojan "Alien", which has led researchers to believe that it is either the successor to "Alien" or that both were created by the same person. The main intent of this malware is to steal credentials, combined with the use of SMS and notification interception to log in and use potential two-factor authentication tokens.
Vulnerable Platform(s): All Android devices
Read more: Xenomorph Trojan Malware Targets Android Banking Applications
Advisory ID: ngCERT-2022-0066
Summary: New variants of the BRATA banking trojan have been discovered to be targeting global Android devices since November 2021 with advanced features, including the ability to wipe devices after stealing user data, tracking devices via GPS, and novel obfuscation techniques. The remote access trojan (RAT), which targets banks and financial institutions, is now being distributed through a downloader to avoid being detected by antivirus (AV) solutions.
Vulnerable Platform(s): Android Devices
Read more: New Variant of BRATA Banking Trojan Infecting Android Devices
Advisory ID: NCC-CSIRT-0122-0002
Summary: Facebook for Android is vulnerable to a permission issue that allows anyone with physical access to the Android device to accept friend requests without unlocking the phone. The products affected include Versions 329.0.0.29.120 of Android OS. To address the vulnerability, users are advised to disable the feature in their device's lock screen notification settings.
Vulnerable Platform(s): All Android 10 Versions 329.0.029.120
Read more: Facebook for Android Friend Acceptance Vulnerability
Advisory ID: NCC-CSIRT-0122-0001
Summary: Attackers have found a new way to gain unauthorized access to the phones of unsuspecting users when they charge them at public charging stations. Many public spaces, restaurants, malls and even public trains offer complimentary services to their customers in a bid to enhance customer service, one of which is providing charging ports or sockets. An attacker can leverage this courtesy to load a payload in the charging station or on cables they leave plugged in at the stations. Once the victim plugs their phone into the charging station or the cable left by the attacker, the payload is automatically downloaded onto the victim's phone. This payload then gives the attacker remote access to the mobile phone, allowing them to monitor data transmitted as text and audio captured using the microphone; the attacker can even watch the victim in real time if the victim's camera is not covered. The attacker is given full access to the gallery and also to the phone's GPS location.
Vulnerable Platform(s): All Mobile Phones
Read more: Beware of Juice Jacking when charging mobile phones at public charging stations
Advisory ID: ngCERT-2022-0065
CVE(s): CVE-2021-24867
Summary: A new discovery revealed that dozens of WordPress themes and plugins were backdoored with malicious code with the goal of infecting further sites. Also, a security shortcoming affecting three different WordPress plugins, which impacted over 84,000 websites and could be abused by a malicious actor to take over vulnerable sites, has been disclosed.
Vulnerable Platform(s): WordPress Content Management System