The Nigeria Computer Emergency Response Team (ngCERT) has issued a high-alert warning over a new wave of sophisticated cyberattacks targeting Android devices through a malware campaign dubbed Tria Stealer.
The malicious software, described as highly evasive, is being used to hijack WhatsApp and Telegram accounts, intercept One-Time Passwords (OTPs), and steal sensitive personal and financial data.
According to ngCERT, Tria Stealer is being spread via fake wedding or event invitations shared through messaging platforms like WhatsApp and Telegram.
Unsuspecting users are lured into downloading an infected Android Package Kit (APK) file, which, once installed, disguises itself as a legitimate system app to bypass detection.
What Tria Stealer does
Once active on a device, Tria Stealer requests access to critical phone functions, including SMS, call logs, and app notifications, and immediately begins harvesting data.
It transmits this information to a Command and Control (C2) server operated via Telegram bots.
According to ngCERT, the malware is also capable of intercepting OTPs to hijack user accounts; impersonating victims to request fraudulent money transfers; gaining access to financial and banking apps; stealing login credentials for identity theft; and installing additional malicious payloads without user consent.
The malware uses encryption and obfuscation techniques to remain hidden from antivirus software, and it automatically reactivates whenever the device is restarted, ensuring it maintains control over the system.
Who is at risk?
ngCERT noted that both individuals and organizations are at risk of falling victim to this malware, especially those who frequently use mobile messaging platforms for personal or business communication.
Given the malware’s ability to impersonate trusted contacts, even security-conscious users could be tricked into downloading the infected APK.
To stay safe, ngCERT advised individuals to:
- Only download apps from trusted sources, such as the Google Play Store.
- Avoid clicking on unsolicited event invitations or app installation requests—even from known contacts.
- Enable two-factor authentication (2FA) on all messaging and banking apps.
- Install and regularly update mobile antivirus software.
- Limit app permissions, especially for apps not from official stores.
For organizations, ngCERT recommends:
- Launching employee awareness campaigns around the dangers of APK-based malware.
- Emphasizing the risks of clicking links in messaging apps, even if they appear to come from colleagues or friends.
- Deploying mobile threat detection software for key personnel and executives.
- Using Mobile Device Management (MDM) tools to enforce security policies on corporate devices.
- Monitoring network traffic for suspicious connections to known malware control servers.
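
The permission and MDM recommendations above can be turned into a simple triage check. The following Python example is added here for illustration and is not part of the ngCERT advisory: it flags apps that were not installed by Google Play and that combine SMS access with the other capabilities the article describes (call logs, notification access, start on reboot). The inventory format, field names, package names and the three-signal threshold are assumptions; the sample data is constructed.

```python
# Added example; the inventory format and field names are hypothetical.
PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Requested permissions grouped by the behaviour they enable.
PERMISSION_SIGNALS = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "call_log": {"android.permission.READ_CALL_LOG"},
    "boot_start": {"android.permission.RECEIVE_BOOT_COMPLETED"},
}

def matched_signals(app):
    """Return the set of advisory-relevant capabilities an app holds."""
    requested = set(app.get("permissions", []))
    hits = {name for name, perms in PERMISSION_SIGNALS.items() if requested & perms}
    if app.get("notification_listener"):  # user-granted notification access
        hits.add("notifications")
    return hits

def triage(inventory, min_signals=3):
    """Flag apps not installed by Google Play that can read SMS and hold at
    least min_signals capabilities in total (threshold is an assumption)."""
    findings = []
    for app in inventory:
        hits = matched_signals(app)
        sideloaded = app.get("installer") != PLAY_STORE
        if sideloaded and "sms" in hits and len(hits) >= min_signals:
            findings.append((app["package"], sorted(hits)))
    return findings

# Constructed sample data; package names are placeholders.
SAMPLE_INVENTORY = [
    {"package": "com.example.invitation", "installer": None,
     "notification_listener": True,
     "permissions": ["android.permission.READ_SMS",
                     "android.permission.RECEIVE_SMS",
                     "android.permission.READ_CALL_LOG",
                     "android.permission.RECEIVE_BOOT_COMPLETED"]},
    {"package": "com.example.smsbackup", "installer": PLAY_STORE,
     "notification_listener": False,
     "permissions": ["android.permission.READ_SMS",
                     "android.permission.READ_CALL_LOG",
                     "android.permission.RECEIVE_BOOT_COMPLETED"]},
    {"package": "com.example.flashlight", "installer": None,
     "permissions": ["android.permission.RECEIVE_BOOT_COMPLETED"]},
]

if __name__ == "__main__":
    for package, hits in triage(SAMPLE_INVENTORY):
        print(f"review {package}: {', '.join(hits)}")
```

A match is a prompt for manual review, not proof of infection, since legitimate sideloaded apps can request the same permissions.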