NCC warns Nigerians against clicking links sent through SMS

By allcitynews.ng

The Nigerian Communications Commission (NCC), in apparent reason to safeguard interests of the general public
has warned against TangleBot.

According to NCC TangleBot is a
a new virus infecting Android mobile devices through short messaging service (SMS).

NCC Spokesman, Ikechukwu Adinde, on 29 Saturday 2022 said, the warning became useful following a recent security advisory made available to the commission by the Nigerian Computer Emergency Response Team (ngCERT).

Some of the messages with the link to the malware were said to contain information on COVID vaccination and power outages.

He pointed out that “The aim behind both or either of the messages (on COVID-19 or impending power outages) is to encourage potential victims to follow a link that supposedly offers detailed information.”

In addition, he said “Once at the page, users are asked to update applications such as Adobe Flash Player to view the page’s content by going through nine (9) dialogue boxes to give acceptance to different permissions that will allow the malware operators initiate the malware configuration process.

“The immediate consequence to this, is that the malware then steals sensitive data stored on the device and monitors almost every user activity, including camera use, audio conversations, and location, among other things.”

The NCC added that the malware takes control of the targeted device, including access to banking data.

Likewise Adinde said, “In order to ensure maximum protection for Internet users in the country, the ngCERT has offered a number of preventive measures to be taken by the consumers. These measures include an advisory to telecom consumers and other Internet users to refrain from opening Uniform Resource Locators (URLs) from unknown sources while using your mobile devices.”

Furthermore, he said, “Additionally, telecom consumers should never respond or send reply to messages or call back a phone number that is associated with the text that they are unaware of. Should any telecom consumer or Internet user become curious and wish to ascertain the authenticity of any call or messages and wish to probe the incident, such persons may do a web search of both the number and the message content.

“Practice safe messaging practices and avoid clicking on any links in texts, even if they appear to come from a legitimate contact. Indeed, it is important to be judicious when downloading apps by reading install prompts closely, looking out for information regarding rights and privileges that the app may request.

“Other risk-mitigating measures advised by ngCERT is for users to be cautious of procuring any software from outside a certified app store. Advisedly, it is safer to call the company directly rather than using the phone number on the message received, especially if the message is spoofing a company.”