ngCERT has alerted the public to beware of a new wave of Android malware known as Tria Stealer currently targeting users in Nigeria.
This trojan spreads through fake links, usually disguised as wedding or event invites, and tricks users into downloading malicious APK files. Once installed, it gains access to everything, from WhatsApp and Telegram to your SMS inbox.
The Android malware hijacks accounts, exploits stolen credentials, impersonates users, and executes financial fraud with ease. Even your two-factor authentication might not help if you’ve already handed over sensitive access.
This kind of threat has evolved over the years, but Tria Stealer is different. It goes beyond stealing data to using it. Messages get intercepted and access credentials are quietly harvested. Before the victim realises what’s happening, their online identity has been cloned and weaponised.
The Nigeria Computer Emergency Response Team (ngCERT) has issued a high-risk alert over this threat. “Account takeover of messaging platforms. Impersonation of victim for fraudulent money transfer requests. Compromise of banking and financial applications. Identity theft and credential harvesting.”
In plain terms, if your phone is compromised, the consequences could be catastrophic. Your financial apps are vulnerable, your reputation could be ruined by impersonation and even simple personal messages could be twisted into tools for scams.
Here’s what users should be doing now:
- Don’t download apps outside the official Play Store.
- Be suspicious of random invites or links, even from people you know.
- Turn on 2FA for everything—banking, emails, social platforms.
- Get a reputable antivirus and keep it updated.
If you run an organisation, you should already be taking this seriously. ngCERT’s guidance says you should raise awareness, monitor mobile devices, and not let your team click on unverified links.
“Deploy network monitoring for suspicious outbound connections to known C2 domains,” it said, meaning, keep an eye on every digital door in and out.
This isn’t one of those cases where you wait to see if it affects you. By the time you realise it, it may already be too late.
