
The Nigeria Computer Emergency Response Team (ngCERT) has issued a high-priority alert about a sophisticated new Android malware campaign called Tria Stealer, which is actively targeting users through popular messaging platforms.
The malware is designed to hijack WhatsApp and Telegram accounts, steal One-Time Passwords (OTPs), and harvest sensitive personal and financial information.
How the Attack Works
Tria Stealer is being distributed through fake wedding or event invitations shared on messaging apps like WhatsApp and Telegram. Victims are tricked into downloading an infected APK (Android Package Kit) file. Once installed, the malware disguises itself as a legitimate system application, allowing it to evade detection.
What Tria Stealer Can Do
Once active on a device, Tria Stealer requests access to key phone functions such as SMS, call logs, and app notifications. It immediately starts collecting data and sends it to a Command and Control (C2) server via Telegram bots.
ngCERT reports that the malware has multiple dangerous capabilities:
Intercepts OTPs to take over user accounts.
Impersonates victims to request fraudulent fund transfers.
Gains access to banking and financial apps.
Steals login credentials for identity theft.
Installs additional malware payloads without user permission.
To avoid detection, Tria Stealer uses encryption and code obfuscation techniques. It also automatically restarts upon reboot, ensuring persistent control over the infected device.
Who Is at Risk?
According to ngCERT, both individuals and organizations are vulnerable—especially users who rely heavily on messaging apps for personal or business communication. Because the malware can impersonate trusted contacts, even cautious users could be fooled into downloading the malicious file.
Safety Recommendations
For Individuals:
Download apps only from trusted sources like the Google Play Store.
Avoid clicking on unsolicited invitations or installation prompts—even if they appear to come from known contacts.
Enable two-factor authentication (2FA) on all messaging and banking apps.
Install and frequently update reputable antivirus software.
Limit app permissions, especially for apps not from official stores.
For Organizations:
Conduct awareness campaigns to educate employees about the risks of APK-based malware.
Warn staff about clicking links in messaging apps—even from coworkers.
Deploy mobile threat detection tools for executives and high-risk personnel.
Use Mobile Device Management (MDM) solutions to enforce security protocols on company devices.
Monitor network activity for signs of connections to known malware control servers.
ngCERT urges all users to remain vigilant and take proactive steps to secure their devices against this evolving threat.
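As an added example for the network-monitoring recommendation (not code from ngCERT or from the original article), the sketch below scans web-proxy records for devices that call the Telegram Bot API, the channel the alert says Tria Stealer uses to reach its C2. The four-field log format, the device names and the sample lines are constructed for illustration, and it assumes managed phones have no legitimate reason to call the Bot API directly.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real traffic): "<timestamp> <device> <verb> <target>"
SAMPLE_LOG = """\
2025-02-03T09:14:02Z phone-017 POST https://api.telegram.org/bot1234567890:CONSTRUCTED_TOKEN_A/sendMessage
2025-02-03T09:14:09Z phone-017 POST https://api.telegram.org/bot1234567890:CONSTRUCTED_TOKEN_A/sendDocument
2025-02-03T09:15:40Z phone-022 GET https://web.telegram.org/a/
2025-02-03T09:16:11Z phone-031 CONNECT api.telegram.org:443
2025-02-03T09:17:30Z laptop-004 GET https://example.com/bot123:abc/sendMessage
malformed line
"""

# Bot API calls have the form https://api.telegram.org/bot<id>:<secret>/<method>
BOT_CALL = re.compile(r"^https://api\.telegram\.org/bot(\d+):[^/\s]+/(\w+)")
# Without TLS inspection only the host is visible (CONNECT / SNI).
HOST_ONLY = re.compile(r"^api\.telegram\.org(:443)?$")


def find_bot_api_traffic(log_text):
    """Return {device: {"bots": set, "methods": set, "confidence": str}}."""
    hits = defaultdict(lambda: {"bots": set(), "methods": set(), "confidence": "low"})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records instead of failing the whole run
        _ts, device, _verb, target = parts
        match = BOT_CALL.match(target)
        if match:
            entry = hits[device]
            entry["bots"].add(match.group(1))     # keep the numeric bot id, never the secret
            entry["methods"].add(match.group(2))  # e.g. sendMessage, sendDocument
            entry["confidence"] = "high"
        elif HOST_ONLY.match(target):
            _ = hits[device]  # host-only sighting: record the device at low confidence
    return dict(hits)


if __name__ == "__main__":
    for device, info in sorted(find_bot_api_traffic(SAMPLE_LOG).items()):
        print(device, info["confidence"], sorted(info["bots"]), sorted(info["methods"]))
```

A high-confidence hit gives the numeric bot id to pivot on across other devices; a low-confidence hit only shows that the Bot API host was contacted and needs corroboration from the device itself.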