The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has advised users to enable two-factor authentication on their Telegram accounts and not to download unknown Advanced IP Scanner software, in response to the discovery of a new attack that compromises victims’ VPN (Virtual Private Network) accounts to compromise the messaging app Telegram.
Ukrainian cyber experts discovered the attack, which employs Vidar malware (Vidar Stealer) to steal Telegram session data. In the absence of configured two-factor authentication and a passcode, this allows unauthorized access to the victim’s Telegram account as well as to their corporate account or network.
The malware, which steals data by gaining unauthorized access to Telegram users’ and corporate accounts, targets all operating system platforms, including iOS, Android, Linux, Mac, and Windows.
“According to the Ukrainian CERT, Somnia Ransomware was developed for use on Telegram, tricking users into downloading an installer that mimics ‘Advanced IP Scanner’ software, which contains Vidar Malware.” The installer installs the Vidar stealer, which steals the victim’s Telegram session data in order to take control of their account.
“The threat actors use the victim’s Telegram account in an unspecified manner to steal VPN connection data” (authentication and certificates). The alert and advisory state that “if the VPN account is not protected by a two-factor authentication passcode, the hackers use it to gain unauthorized access to the victim’s employer’s corporate network.”
“Once inside, the intruders conduct reconnaissance work using tools such as Netscan, Rclone, Anydesk, and Ngrok to perform various surveillance and remote access activities,” according to the report.
The CSIRT is the telecom sector’s cyber security incident center, established by the NCC to focus on incidents in the telecom sector that may affect telecom consumers and citizens at large.
The CSIRT also collaborates with ngCERT, which was established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to prevent attacks, problems, or related events.