The Nigerian Communications Commission’s Cyber Security Incident Response Team, has advised Nigerians to adopt safety measures to prevent data theft on messaging app, Telegram.
The agency in response to the discovery of a new attack that compromises victims’ VPN, advised users to adopt two-factor authentication to protect their Telegram accounts and to not download unknown Advanced IP Scanner Software.
The attack was discovered by Ukrainian cyber experts, who used Vidar Malware to steal Telegram session data. If two-factor authentication and a passcode are not configured, this data can be used to gain access to the victim’s corporate account or network as well as their Telegram account.
The malware targets platforms across iOS, Android, Linux, Mac, and Windows Operating Systems, exploiting unauthorized access to users’ Telegram accounts and business accounts to steal data.
“The Ukrainian CERT alleged that a Somnia Ransomware was created to be used on Telegram that tricks users to download an installer that mimics ‘Advanced IP Scanner’ software, which contains Vidar Malware. The installer infects the system with the Vidar stealer, which steals the victim’s Telegram session data to take control of their account.
“The threat actors abuse the victim’s Telegram account in some unspecified manner to steal VPN connection data (authentication and certificates). If the VPN account is not protected by two-factor authentication passcode, the hackers use it to gain unauthorized access to the victim’s employer’s corporate network”, the alert and advisory states.