The Nigeria Computer Emergency Response Team (ngCERT) has issued a high-level security alert, warning Nigerians of a dangerous Android malware campaign targeting WhatsApp, banking applications, and personal financial data.
The malware, known as Tria Stealer, is highly evasive and sophisticated, with the ability to hijack WhatsApp and Telegram accounts, intercept One-Time Passwords (OTPs), and steal sensitive personal information from victims.
According to ngCERT, the malware is being distributed through fake wedding and event invitations shared on messaging platforms like WhatsApp and Telegram. Unsuspecting users are lured into downloading an infected Android Package Kit (APK) file, which, once installed, disguises itself as a legitimate system application to evade detection.
Once active, Tria Stealer immediately requests access to sensitive phone functions, including SMS, call logs, and app notifications, allowing it to begin harvesting critical data. The stolen information is then transmitted to a remote Command and Control (C2) server operated via Telegram bots.
The malware is capable of intercepting OTPs to hijack user accounts, impersonating victims to request fraudulent money transfers, accessing financial and banking apps, stealing login credentials for identity theft, and installing additional malicious software without the user’s knowledge.
According to ngCERT, the malware employs advanced encryption and obfuscation techniques to avoid detection by antivirus software and automatically reactivates after device restarts to maintain control.
It further stated that both individuals and organisations are at risk, particularly those who use mobile messaging platforms for personal or business communications,adding that because the malware impersonates trusted contacts, even security-conscious users can easily fall victim.
To mitigate the threat, ngCERT advised Nigerians to download apps only from trusted sources like the Google Play Store, avoid clicking unsolicited invitations or app installation requests even from known contacts, enable two-factor authentication on all messaging and banking applications, install and regularly update antivirus software on mobile devices, and limit app permissions, particularly for apps not obtained from official app stores.
For businesses and organisations, ngCERT recommended staff awareness campaigns on the dangers of APK-based malware, educating employees about the risks of clicking links in messaging apps, deploying mobile threat detection software for executives and key personnel, using Mobile Device Management tools to enforce security policies across corporate devices, and monitoring network traffic for suspicious connections to known malware control servers.
ngCERT emphasised that while personal vigilance is critical, organisations must also strengthen enterprise mobile security frameworks to protect against increasingly sophisticated cyber threats.
