The National Information Technology Development Agency (NITDA) has raised an alarm about a new cyber threat targeting Nigerians. Dubbed the “PlayPraetor Trojan,” this malware is being distributed through fake websites designed to mimic the Google Play Store, tricking unsuspecting users into downloading harmful applications. In a statement shared on Twitter, NITDA revealed that cybercriminals are using deceptive tactics like phishing emails, scam SMS messages, and fraudulent online ads to lure victims. Once the malicious app is installed, the Trojan grants attackers unauthorized access to the victim’s device, enabling them to steal sensitive data, such as login credentials and financial details. The malware can also deploy other harmful software, monitor keystrokes, and even hijack cryptocurrency wallets, all without the user’s knowledge. The PlayPraetor Trojan spreads through links embedded in phishing campaigns. When users click on these links or download compromised files, the malware silently installs itself on their devices. It then uses advanced techniques to evade detection by antivirus programs, making it difficult for users to notice or remove it. One of its most alarming features is its ability to impersonate trusted apps by mimicking their names and icons. Once installed, these fake apps request access to Accessibility Services, giving hackers control over critical functions like screen monitoring and data capture. NITDA’s Recommendations for Staying SafeTo protect against this growing threat, NITDA has advised Nigerians to take the following precautions: Download Apps from Trusted Sources: Only download apps from the official Google Play Store or verified platforms. Avoid third-party websites or untrusted sources that may host malicious software. Verify App Developers: Always check the developer’s credentials and read user reviews before installing any app. Be cautious of apps with few or overly positive reviews that seem suspicious. Keep Devices Updated: Regularly update your device’s operating system and apps to ensure you have the latest security patches. Use Reputable Security Software: Install reliable antivirus or anti-malware programs from trusted providers to add an extra layer of protection against threats like Trojans and phishing attempts. Enable Two-Factor Authentication (2FA): Strengthen your account security by enabling 2FA wherever possible. Additionally, NITDA recommends using strong passwords and backing up important data regularly to minimize potential losses in case of an attack. Cybersecurity threats like the PlayPraetor Trojan highlight the increasing sophistication of cybercriminals and their ability to exploit technology users’ trust in legitimate platforms like Google Play Store. By staying vigilant and following best practices for online safety, Nigerians can better protect themselves from falling victim to such malicious schemes.
EFCC arrests 134 suspected fraudsters, a.k.a. “yahoo boys”, as Kwara tops the list
The Economic and Financial Crimes Commission (EFCC) has intensified its crackdown on internet fraud, arresting 134 suspects across Nigeria in March 2025. According to data released by the agency, Kwara State emerged as the hotspot for these crimes, with 37 arrests, accounting for 27.6% of the total. Delta and Akwa Ibom followed with 30 (22.4%) and 23 (17.1%) arrests, respectively. The EFCC secured 83 convictions during the same period, with Edo State leading at 46 convictions. Sentences ranged from three months to four years in prison, often accompanied by fines between ₦30,000 and ₦500,000. Critics have raised concerns about the leniency of these penalties, particularly when compared to the large sums stolen by fraudsters. Among notable cases, a husband-and-wife duo impersonated Katsina State’s First Lady to steal ₦197.75 million. Another case involved two brothers convicted in Maiduguri for stealing ₦8.2 million; they each received four-year jail terms or a fine of ₦100,000. The EFCC seized significant assets from suspects, including 81 smartphones, 24 laptops, 29 cars, ₦6 million in cash, and $400. Despite these efforts, the scale of internet fraud continues to challenge law enforcement.
Nigerian man faces 20-year jail term over alleged $2.5 million romance scam in the U.S.
A Nigerian national, Charles Uchenna Nwadavid, has been indicted in the United States for his alleged involvement in a $2.5 million romance scam that targeted six victims across the country. The charges, which include mail fraud and money laundering, could result in a 20-year prison sentence if he is convicted. The U.S. Department of Justice revealed in a statement on Wednesday that Nwadavid, 34, was arrested on April 7, 2025, upon arriving at Dallas-Fort Worth International Airport from the United Kingdom. He is accused of orchestrating elaborate online scams between 2016 and 2019, using fake profiles on dating and social media platforms to lure victims into fraudulent relationships. According to court documents, perpetrators of romance scams typically create fictitious profiles to gain victims’ trust under the guise of a romantic relationship. Victims are then manipulated into transferring money or conducting financial transactions under false pretenses, such as claims of urgent medical needs or securing multimillion-dollar inheritances. Nwadavid allegedly used one victim from Massachusetts (referred to as Victim 1) as an intermediary to collect funds from five other victims across the U.S. He is accused of tricking Victim 1 into transferring her own money and funds from other victims through cryptocurrency transactions. The statement further alleges that he accessed accounts in Victim 1’s name remotely to move the stolen funds into cryptocurrency wallets he controlled via LocalBitcoins, an online trading platform. The charges against Nwadavid carry severe penalties. Mail fraud alone could lead to up to 20 years in prison, three years of supervised release, and fines of up to $250,000 or twice the financial loss caused to victims. Money laundering charges also carry a maximum sentence of 20 years in prison, three years of supervised release, and fines up to $500,000 or twice the value of laundered property. In addition to these penalties, Nwadavid may face deportation upon completing any sentence imposed by the court. Sentencing will be determined by a federal district court judge based on U.S. Sentencing Guidelines and relevant statutes. Nwadavid made his first court appearance on April 8, 2025, at a federal court in Fort Worth, Texas. He has been detained pending further legal proceedings. The U.S. Attorney’s Office emphasized that all charges are allegations at this stage and that Nwadavid is presumed innocent until proven guilty beyond a reasonable doubt.
Expert urges Nigerians to strengthen online security with passphrases
Software expert Moses Buba has recommended Nigerians adopt passphrases over traditional passwords for better online security. Speaking in Abuja during an interview with the News Agency of Nigeria (NAN), Buba emphasized that conventional passwords are increasingly vulnerable to hacking attempts. Passphrases, which consist of multiple words or sentences, are longer and harder for hackers or bots to crack. Unlike traditional passwords, they are easier to remember and provide stronger protection for sensitive data. Examples of passphrases include “MyVillagePeopleCantCatchMe2025” and “TrafficOnThirdMainlandIsReal.” “Passwords are easy to crack and not strong enough to provide comprehensive internet security,” Buba stated. He urged users to adopt passphrases to safeguard their online activities, including banking, social media, and e-commerce platforms. Nigeria faces one of the highest rates of cyber-attacks in Africa, with organizations experiencing an average of 3,759 attacks weekly, double the global average. The financial sector is particularly affected, recording 4,718 incidents per week due to outdated infrastructure and weak multi-factor authentication systems. Government institutions and schools are also frequent targets, facing ransomware and phishing schemes regularly. Buba expressed concern over the growing number of Nigerians falling victim to cybercrime due to poor password habits. “Stories of hacked accounts are becoming more common because many internet users rely on weak passwords,” he said. He stressed the importance of adopting passphrases as a simple yet effective measure against cyber threats, urging Nigerians to prioritize their online safety.
Facebook marketplace scammers pose as customs officers, duping Nigerians with fake auctions
A disturbing scam has emerged on Facebook Marketplace, where fraudsters impersonating Nigeria Customs Service (NCS) officers lure unsuspecting buyers with fake auction deals on seized goods, exploiting their trust and financial vulnerability. These scammers advertise items like electronics and household appliances at prices far below market value, claiming they are auctioned goods seized at border points such as the Seme Border. Victims are asked to pay a registration fee and additional charges for delivery, only to realize later that the goods never existed. Victims report being contacted by a woman using the name Adeyemi Christiana on Facebook, who speaks in Pidgin English and reassures buyers of the availability of items. A ₦7,500 registration fee is required to join the auction. After payment, victims are further pressured by a supposed delivery driver to pay additional fees for logistics and vehicle repairs, leading to losses of up to ₦32,500 in documented cases. The Nigeria Customs Service has repeatedly warned the public about such fraudulent schemes, emphasizing that legitimate auctions are conducted solely through their official e-Auction platform and never via social media or WhatsApp. They urge individuals to verify auction details through their website or help desk and report suspicious activities immediately.
Nigeria enacts 10-year jail terms for ponzi scheme promoters
The recently signed Investment and Securities Act (ISA 2025) by President Bola Ahmed Tinubu marks a significant step in Nigeria’s fight against Ponzi schemes. Under the new law, promoters of these fraudulent schemes face a minimum of 10 years imprisonment and a fine of at least N40 million. Dr. Emomotimi Agama, Director-General of the Securities and Exchange Commission (SEC), emphasized during an interview that the Act provides the Commission with enhanced powers to prosecute offenders and recover profits gained through fraudulent activities. Beyond financial penalties, the law ensures disgorgement of ill-gotten gains, aiming to restitute victims and deter future crimes. The ISA 2025 also empowers SEC to access communication records for investigations, strengthening its ability to tackle illegal fund managers.