The Nigeria Computer Emergency Response Team (ngCERT) has raised a critical cybersecurity warning for all Android users across Nigeria. A new Android malware threat, known as Tria Stealer, is targeting WhatsApp, Telegram, and banking apps, posing a major risk to personal and financial data.
This highly evasive malware campaign is spreading rapidly, and ngCERT urges both individuals and organisations to take immediate precautions to avoid falling victim.
What Is Tria Stealer Malware?
Tria Stealer is a dangerous Android malware designed to:
- Hijack WhatsApp and Telegram accounts
- Steal One-Time Passwords (OTPs)
- Gain unauthorized access to banking apps
- Harvest personal and financial data
- Install additional malicious software on devices
The malware is being distributed through fake event or wedding invitations sent via messaging apps like WhatsApp and Telegram. Once the user clicks on the malicious link and installs the infected APK file, the malware disguises itself as a system app to avoid detection.
How Tria Stealer Works
After installation, Tria Stealer requests access to:
- SMS messages
- Call logs
- App notifications
- Phone storage
It then begins collecting sensitive data and sends it to a remote Command and Control (C2) server managed through Telegram bots.
Main Capabilities of Tria Stealer:
- Intercepts OTPs to bypass two-factor authentication
- Hijacks WhatsApp and Telegram accounts
- Impersonates victims to request fraudulent money transfers
- Steals banking and app login credentials
- Installs additional malicious payloads
- Uses encryption to evade antivirus detection
- Auto-reactivates on device restart to maintain control
Who Is at Risk?
According to ngCERT, the following groups are especially at risk:
- Individuals who frequently use messaging apps (WhatsApp, Telegram)
- Users who download apps from unknown or third-party sources
- Organizations that use mobile devices for communication or banking
- Security-conscious users who may still be tricked by impersonated contacts
How to Stay Safe from Tria Stealer Malware
For Individuals:
- Only download apps from trusted sources like the Google Play Store
- Avoid clicking on unsolicited links or APKs, even from known contacts
- Enable 2FA (two-factor authentication) on all messaging and banking apps
- Use mobile antivirus software and update it regularly
- Restrict app permissions, especially for unknown or unofficial apps
For Organisations:
- Conduct employee cybersecurity awareness training
- Emphasize risks of clicking on links in messaging apps
- Deploy mobile threat detection tools for key staff
- Use Mobile Device Management (MDM) solutions to enforce policies
- Monitor network activity for connections to known malware servers.
Act Now to Protect Your Device
As cyberattacks targeting Android devices in Nigeria become more sophisticated, users must remain vigilant. The Tria Stealer malware represents a significant risk to both personal privacy and organisational security. Avoid downloading unknown APK files, enable security features like 2FA, and make sure all devices are protected with the latest antivirus solutions.
