Seamfix played a prominent role at the 2025 National Identity Day event held in Lagos, showing the importance of digital identity as a universal right. The company reaffirmed its dedication to delivering secure and verifiable identification solutions for all Nigerian citizens. As a Diamond Sponsor, Seamfix spearheaded discussions around the critical role of Public Key Infrastructure (PKI) as the foundation for digital public infrastructure. This technology supports secure digital governance, financial dealings, and seamless integration across sectors. The event, organized by the National Identity Management Commission (NIMC), emphasized trusted identity’s pivotal function in driving national development, enhancing financial inclusion, and accelerating the country’s digital transformation goals. Seamfix’s collaborative efforts with NIMC have led to innovative digital access management tools that facilitate mass biometric enrollment and compliance with regulatory standards. The platform supports a wide range of industries, including banking, telecommunications, healthcare, and education, while ensuring internal security for enterprises. The firm’s portfolio, featuring products such as Fixiam, GovSmart, BioSmart X, Verify, and SeamID, has enabled over 400 million digital identity checks, surpassed 70 million biometric SIM activations, and enrolled 50 million citizens into official identity programs. Beyond Nigeria, Seamfix operates in several countries including Côte d’Ivoire, Kenya, Uganda, South Africa, the UAE, the UK, and the US, adapting its innovations to diverse markets and regulatory environments. At the gathering, key participants explored how PKI can enhance digital trust by securing electronic signatures, safeguarding encrypted communications, and facilitating cross-platform interoperability. Seamfix also called for bolstered cooperation between public entities and private stakeholders to expand nationwide digital identity coverage, combat fraud more effectively, and lay a robust foundation for inclusive economic growth.
Binance founder unmasks North Korean tactics in crypto exchange thefts
Changpeng Zhao, CEO of Binance, has warned of the strategies used by North Korean hackers to compromise cryptocurrency platforms. These cybercriminals employ cunning social engineering and technical methods to steal millions. The Binance chief described these cyber attackers as highly skilled, patient, and inventive. Rather than relying solely on software vulnerabilities, they exploit human factors. For example, they frequently impersonate prospective employees by submitting applications for IT, security, and finance positions to gain unauthorized insider access. In some cases, they act as recruiters conducting fake interviews, using technical glitches during video calls as a pretext to send malware disguised as software updates or sample code. Additionally, these operators sometimes appear as customers, using infected links in support requests to breach systems. Zhao revealed that bribery also plays a role, with some hackers offering payments to employees or contractors to facilitate access. He cited a recent incident in which an Indian outsourcing company was compromised, enabling hackers to steal over $400 million from a U.S.-based exchange. Amid growing regulatory pressures and investor concerns, Zhao urged crypto firms to implement rigorous hiring screenings and caution employees against downloading files from untrusted sources.
MTN Nigeria to lease spectrum from T2 Mobile starting October 1
MTN Nigeria Communications Plc has revealed plans to lease frequency spectrum from T2 Mobile Limited (formerly 9Mobile) beginning October 1, 2025. This arrangement involves 5MHz frequency division duplex (FDD) in the 900MHz band and 15MHz FDD in the 1800MHz band for three years. According to a statement by company secretary Uto Ukpanah, the spectrum lease is integral to the national roaming agreement between MTN and T2 Mobile. This collaboration allows MTN to manage additional network traffic from T2’s subscribers by utilizing MTN’s infrastructure where T2’s coverage is limited. MTN Nigeria CEO Karl Toriola emphasized the move as part of MTN’s goal 2025 plan to boost network capacity sustainably. He stressed how such endeavors support Nigeria’s broader digital transformation and expanded broadband access. Meanwhile, MTN confirmed it will not renew its current one-year spectrum lease with Natcom Development and Investment Ltd (Ntel), which covers 5MHz in the 900MHz band and 10MHz in the 1800MHz band across 17 states, expiring on November 29, 2025. Instead, MTN is focusing on newer arrangements that strengthen collaboration and infrastructure investment. T2 Mobile has benefited from this cooperation, recording its first subscriber growth in July 2025 with over 290,000 new users, ending a year-long decline. Despite this rise, 9Mobile holds the fourth largest market share at 1.61%, far behind MTN’s dominant 52.7%. Overall, Nigeria’s active mobile subscriptions fell slightly in July, alongside a marginal drop in teledensity based on NCC data.
Google Play Apps with 38 million downloads tied to major mobile Ad fraud scheme
Security experts have uncovered one of the largest mobile advertising scams in recent memory, involving 224 apps on the Google Play Store that have been downloaded over 38 million times worldwide. Known as SlopAds, this deceptive operation covertly generated fake ad impressions and clicks behind the scenes, diverting advertising funds without delivering actual engagement to brands. The fraud was detected by HUMAN’s Satori Threat Intelligence team, who promptly alerted Google. Using sophisticated techniques such as steganography and hidden web browsers embedded within the apps, the scheme opened unseen windows that accessed cashout sites controlled by the fraudsters, accumulating a staggering 2.3 billion bid requests daily. The scam was engineered to remain under the radar by only activating on devices that installed an app after clicking on a SlopAds-linked advertisement, while other installations stayed inactive. Researchers described this as an advanced exploitation of marketing attribution technology. All users with these apps installed will receive warnings through Play Protect, which is automatically enabled on Android devices with Google Play Services – the report stated The illicit traffic generated by SlopAds spanned 228 countries, with the bulk of the activity coming from the United States (31%), followed by India (11%) and Brazil (7%). Many of the involved apps, along with related servers and domains, carried an AI motif, inspiring the campaign’s name. In addition to generating bogus ad views, the apps collected extensive device and browser data, enabling the perpetrators to fine-tune their operations. Encrypted commands, delivered through Google’s Firebase platform, instructed the apps to load fraud modules, access cashout sites, and execute scripts critical to revenue generation. In some cases, even the fraud management components were concealed within PNG image files, later reconstructed on users’ devices to form executable code. One notable cashout technique involved HTML5 games and news websites controlled by the scammers, which displayed ads at high frequency in hidden browser windows, unseen by users. Advertisers, however, paid for impressions and clicks that never reached actual audiences. To users, these applications seemed harmless but quietly consumed device resources in the background. For advertisers, the consequences translated into millions of dollars lost to phantom ad engagements. Unfortunately, this is not the first instance of malicious apps exploiting the Google Play Store to deceive users and advertisers. Last October, researchers from the Zscaler ThreatLabz team uncovered more than 200 harmful apps downloaded nearly eight million times. The report also stated that Nigeria ranks among the top ten countries targeted by mobile malware attacks, alongside India, the US, Canada, South Africa, the Netherlands, Mexico, Brazil, Singapore, and the Philippines. Experts urge continued vigilance and enhanced security measures to protect both consumers and brands from increasingly sophisticated digital threats.
Microsoft disrupts Nigerian-led RaccoonO365 phishing network, seizes 338 domains
Microsoft’s Digital Crimes Unit (DCU) has successfully dismantled RaccoonO365, a Nigeria-based phishing operation, by seizing 338 websites used to steal thousands of Microsoft 365 credentials worldwide. The crackdown focused on a prolific cybercriminal platform known for selling phishing toolkits designed to mimic official Microsoft communications, including emails and login pages. Marketed on Telegram to over 850 users, this subscription-based service allowed criminals with minimal technical skills to launch credential-harvesting campaigns at an alarming scale. Since July 2024, the kits have facilitated the theft of more than 5,000 Microsoft user credentials. At the center of this operation is Joshua Ogundipe, a Nigerian programmer identified by Microsoft as the mastermind behind RaccoonO365’s technical framework and business model. Microsoft revealed that he and associates took specialized roles in code development, subscription sales, and support services for the criminal clientele, generating at least $100,000 in cryptocurrency payments. They employed deceptive tactics like registering internet domains with fake identities and addresses spanning multiple countries to evade detection. The compromised kits have been linked to damaging campaigns targeting critical sectors, including a tax-themed offensive against over 2,300 U.S. organizations and at least 20 American healthcare institutions. Experts warn these phishing operations pave the way for severe disruptions such as ransomware attacks, exposing sensitive patient data and compromising public safety. Microsoft’s collaboration with Cloudflare and Chainalysis facilitated the takedown, suspending malicious domains, disabling scripts, and revealing key cryptocurrency wallets aiding attribution. The swift legal and technical intervention against RaccoonO365 shows the importance of joint international cooperation to curtail cybercrime.
Nigerian government agencies fall short on privacy law compliance despite presidential orders
Months after President Bola Tinubu directed all ministries and government bodies to adhere to Nigeria’s Data Protection Act 2023, several key agencies, including INEC, remain without mandatory privacy policies or cookie alerts on their websites. Experts warn this oversight undermines citizens’ data protection rights. Recent checks reveal that the Independent National Electoral Commission’s website lacks the essential cookie notification and privacy policy that inform visitors about data handling practices. Similar lapses were identified on other government portals, raising legal and ethical concerns. Privacy and data specialists pointed out that these omissions contravene the enforcement provisions intended to protect individuals’ personal information. According to Barrister Oladipupo Ige, Director of Policy at the Data Privacy Lawyers Association, the Nigeria Data Protection Commission’s guidelines explicitly require all entities controlling or processing data to feature prominent, interactive cookie and privacy notices on the main page of their digital platforms. He emphasized that placing such notices in obscure areas diminishes transparency and user awareness. No system is flawless, but privacy policies and cookie prompts represent the baseline for protection. Agencies should urgently reassess their websites to align with legal standards and cultivate robust data privacy practices nationwide…government bodies must take this seriously to foster a culture of responsible data stewardship – Ige Solomon Okedara, a digital rights expert, reinforced the need for government institutions to treat these disclosures as legal obligations, not mere formalities. The absence of such protocols on official sites, he noted, not only breaks current laws but weakens public trust in how authorities manage sensitive information. He called on regulatory bodies like the NDPC to intensify oversight and enforce compliance among public agencies. Barrister Olalekan Bosede added that under Section 24 of the NDPA 2023, transparency through clear privacy policies and cookie alerts is mandatory for all government-operated online services. He stressed that this responsibility restates the government’s accountability to citizens regarding data processing activities. President Tinubu’s analogy of data as the “new oil” shows its growing value and the urgent need for responsible management. Strengthening enforcement mechanisms and cultivating public confidence will be critical as Nigeria advances in its digital governance agenda.