The Nigerian Communications Commission’s Computer Security Incident Response Team has urged Samsung users to update their Galaxy App Store following the discovery of multiple vulnerabilities in the Samsung Galaxy App Store Application.
According to the commission, this vulnerability can lead to unwanted app installations and code execution. In an advisory, it said, “Meanwhile, NCC-CSIRT also advised users to update their Galaxy App Store following the discovery of multiple vulnerabilities in the Samsung Galaxy App Store Application can lead to unwanted app installations and code execution.
“It disclosed that Ken Gannon, a cybersecurity researcher from NCC Group, discovered the vulnerabilities in the Galaxy App Store application on Samsung devices that are running Android 12 and older.”
Also, the advisory warned against attackers using Microsoft OneNote attachments in phishing emails that infect victims with remote access malware, which may allow hackers to remotely access vital information on a victims’ devices.
The team advised users not to open files from people they do not know as such attachments may damage their computer or files.
It said, “The Team advised users not open files from people they do not know, not to click ‘OK’ and immediately exit the application if they receive a warning that opening an attachment or link can damage their computer or files and to promptly share an unknown email they believe to be genuine with a security or Windows administrator to assist in determining whether the file is secure.
“It had recently advised people not to open attachments in suspicious emails and to only purchase or download applications from official websites in response to the discovery of phishing malware that can gain unauthorized access to sensitive user data and download further malware.”
The NCC-CSIRT described malware as a remote access tool that easily controls a victim’s Personal Computers and may allow attackers to remotely control any compromised computer’s mouse and keyboard, accessing the system’s file management and history and might even execute commands allowing them to install additional malware.
It further added that the ‘CRAFTED’ website spreading the malware is still online and claims to be home to a new NFT card game built around the Pokemon franchise, offering users strategic fun together with NFT investment profits.