The Nigeria Computer Emergency Response Team (ngCERT) has issued a high-alert warning about a new Android malware campaign called Tria Stealer.
This advanced malware is hijacking WhatsApp and Telegram accounts, stealing personal and financial data, and intercepting One-Time Passwords (OTPs). It’s being spread through fake wedding and event invites sent over messaging apps.
Users are tricked into downloading an infected APK file disguised as a legitimate app. Once installed, the malware hides itself and begins stealing sensitive data almost immediately.
According to ngCERT, Tria Stealer gains access to SMS, call logs, and app notifications. It sends the stolen data to Command and Control (C2) servers using Telegram bots.
Here’s what it can do:
- Intercept OTPs to hijack your accounts
- Impersonate you to request fraudulent money transfers
- Access banking and financial apps
- Steal login details for identity theft
- Install more malware without permission
It uses encryption and obfuscation to avoid antivirus detection. It also restarts automatically with the phone, keeping control of the system.
Both individuals and organizations are at risk. Even users who are usually careful may fall for the scam because it appears to come from trusted contacts.
To stay safe, ngCERT urges the public to:
- Only download apps from the Google Play Store
- Avoid clicking on links from unsolicited event invites
- Enable two-factor authentication (2FA) on all apps
- Use mobile antivirus and keep it updated
- Limit app permissions, especially for unknown apps
For companies, ngCERT recommends:
- Running awareness campaigns for employees
- Warning staff about link-based scams in messaging apps
- Using Mobile Device Management (MDM) tools to enforce policies
- Monitoring for unusual traffic linked to known malware servers
- Deploying mobile threat detection tools for key staff
“Given the malware’s ability to impersonate trusted contacts, even security-conscious users could be tricked,” ngCERT warned.
If you receive any unexpected APK or invitation files, don’t open them—even if they come from someone you know.
