News

Cybercrime: FG Reports New Malware ‘AbstractEmu’ Attacking Android Phones

Nigerian Communications Commission (NCC) wishes to inform telecom consumers and the general public that a new Android malware has been discovered.

 

TRUETELLS NIGERIA reports that this was made known in a statement on Monday by Dr. Ikechukwu Adinde, NCC’s Director, Public Affairs.

 

The malware, named ‘AbstractEmu’, can gain access to smartphones, take complete control of infected smartphones and silently modify device settings while simultaneously taking steps to evade detection.

This discovery was announced recently by the Nigerian Computer Emergency Response Team (ngCERT), the national agency established by the Federal Government to manage the risks of cyber threats in the Nigeria, which also coordinates incident response and mitigation strategies to proactively prevent cyber-attacks against Nigeria

 

NCC reports that AbstractEmu has been found to be distributed via Google Play Store and third-party stores such as the Amazon Appstore and the Samsung Galaxy Store, as well as other lesser-known marketplaces like Aptoide and APKPure.

 

According to the advisory, a total of 19 Android applications that posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps have been reported to contain the rooting functionality of the malware.

 

 

The apps are said to have been prominently distributed via third-party stores such as the Amazon Appstore and the Samsung Galaxy Store, as well as other lesser-known marketplaces like Aptoide and APKPure. The apps include All Passwords, Anti-ads Browser, Data Saver, Lite Launcher, My Phone, Night Light and Phone Plus, among others.

 

According to the report, rooting malware although rare, is very dangerous. By using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant itself dangerous permissions or install additional malware – steps that would normally require user interaction. Elevated privileges also give the malware access to other apps’ sensitive data, something not possible under normal circumstances.

 

 

The ngCERT advisory also captured the consequences of making their devices susceptible to AbstractEmu attack. Once installed, the attack chain is designed to leverage one of five exploits for older Android security flaws that would allow it to gain root permissions. It also takes over the device, installs additional malware, extracts sensitive data, and transmits to a remote attack-controlled server.

 

Additionally, the malware can modify the phone settings to give app ability to reset the device password, or lock the device, through device admin; draw over other windows; install other packages; access accessibility services; ignore battery optimisation; monitor notifications; capture screenshots; record device screen; disable Google Play Protect; as well as modify permissions that grant access to contacts, call logs, Short Messaging Service (SMS), Geographic Positioning System (GPS), camera, and microphone.

 

 

 

The ngCERT also asserts in the advisory that, while the malicious apps were removed from Google Play Store, the other app stores are likely distributing them. Consequently, the NCC wishes to reiterate a two-fold ngCERT advisory in order to mitigate the risks.

 

The two-fold advisory include:

 

1. Users should be wary of installing unknown or unusual apps, and look out for different behaviours as they use their phones.

 

2. Reset your phone to factory settings when there is suspicion of unusual behaviours in your phone.

 

The NCC, in exercise of its mandate and obligation to the consumers, will continue to sensitise and educate telecoms consumers on any cyber threat capable of inflicting low or high-impact harms on their devices, whether discovered through the ngCERT or the telecom sector’s Centre for Computer Security Incident Response managed by the Commission.

 

Recall that the NCC, in October 2021, alerted telecom consumers of the existence of new, high-risk and extremely-damaging, Android device-targeting Malware called Flubot and outlined steps to prevent the eir devices from being attacked by the virus.

 

 

TruetellsNigeria

Recent Posts

Ofada Boy Marks 15th Anniversary, Set To Hold OFD 6.0 In Lagos on December 1

Nigerian’ leading outdoor and restaurant brand, Ofada Boy marks 15th year anniversary of offering indigenous…

36 mins ago

Ogunde Family Urged Court Of Appeal To Reject Union Bank’s Plea To Suspend Judgment

  The Court of Appeal in Lagos has been urged to reject Union Bank Plc's…

1 hour ago

Atiku Can’t Win Nigerian Presidential Election Without Support Of Nyesom Wike, Others — PDP

The Peoples Democratic Party (PDP) has claimed that it is impossible for former Vice President,…

2 days ago

Gunmen Kidnap Popular Christian Musician, Jude Nnam In Anambra After Church Programme

Popular Christian music composer, Jude Nnam, also known as Ancestor, has been reportedly kidnapped by…

2 days ago

#OndoDecides2024: DSS Arrests Suspected Vote-Buyer With Two Bags Of Money In Akure

A suspected vote-buyer has been arrested by officials of the Department of State Services (DSS)…

2 days ago

Several Parts Of Imo, Abia States In Blackout Over Disruptions At TCN

The Enugu Electricity Distribution Company PLC (EEDC), has blamed the blackout being experienced in some…

2 days ago