Cybercrime: NCC alerts consumers to new ‘AbstractEmu’ malware attacking Android devices

Spyware Android Photo: Harapan Rakyat Online

*The Nigerian Communications Commission discloses that the ‘AbstractEmu’ malware could gain access to and take complete control of infected smartphones, modifying device settings while simultaneously taking steps to evade detection

*The Commission explains two-fold advisory on measures to mitigate the risks

Gbenga Kayode | ConsumerConnect

As part of its consumer education and sensitisation mandate, the Nigerian Communications Commission (NCC) informs telecoms consumers and the general public that a new Android malware, named ‘AbstractEmu’, has been discovered.

The telecoms regulatory Commission noted that the ‘AbstractEmu’ malware could gain access to smartphones, take complete control of infected smartphones, and silently modify device settings while simultaneously taking steps to evade detection.

Dr. Ikechukwu Adinde, Director of Public Affairs at NCC, stated on Monday, November 8, 2021, that the Nigerian Computer Emergency Response Team (ngCERT) announced this discovery recently.

ConsumerConnect reports the ngCERT is the national agency established by the Federal Government to manage the risks of cyberthreats in the country.

The team also coordinates incident response and mitigation strategies to proactively prevent cyberattacks against Nigeria.

How AbstractEmu malware infects Android devices

The NCC explains that AbstractEmu has been found to be distributed via Google Play Store and third-party stores, such as the Amazon Appstore and the Samsung Galaxy Store, as well as other lesser-known marketplaces, including Aptoide and APKPure.

Dr. Adinde further said the advisory disclosed that a total of 19 Android applications which posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps have been reported to contain the rooting functionality of the malware.

“The apps are said to have been prominently distributed via third-party stores such as the Amazon Appstore and the Samsung Galaxy Store, as well as other lesser-known marketplaces like Aptoide and APKPure.

“The apps include All Passwords, Anti-ads Browser, Data Saver, Lite Launcher, My Phone, Night Light and Phone Plus, among others,” the Commission said.

Citing the report, the NCC stated that rooting malware, although rare, is very dangerous.

The Commission stressed that by using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant itself dangerous permissions or install additional malware – steps that would normally require user interaction. Elevated privileges also give the malware access to other apps’ sensitive data, something not possible under normal circumstances, the statement noted.

It also stated: “The ngCERT advisory also captured the consequences of making their devices susceptible to AbstractEmu attack.

“Once installed, the attack chain is designed to leverage one of five exploits for older Android security flaws that would allow it to gain root permissions.

“It also takes over the device, installs additional malware, extracts sensitive data, and transmits to a remote attack-controlled server.”

Besides, the regulator said that the malware could modify the phone settings to give an app the ability to reset the device password, or lock the device, through device admin; draw over other windows; install other packages; access accessibility services; ignore battery optimisation; and monitor notifications.

It can also capture screenshots; record the device screen; disable Google Play Protect; and modify permissions that grant access to contacts, call logs, Short Messaging Service (SMS), Geographic Positioning System (GPS), camera, and microphone, the statement noted.

ngCERT’s two-fold advisory to mitigate risks

The NCC also stated that the ngCERT asserts in the advisory that, while the malicious apps were removed from Google Play Store, the other app stores are likely distributing them.

Consequently, the NCC wishes to reiterate a two-fold ngCERT advisory in order to mitigate the risks. The two-fold advisory includes:

  1. Users should be wary of installing unknown or unusual apps, and look out for different behaviours as they use their phones.
  2. Reset your phone to factory settings when there is suspicion of unusual behaviours in your phone.

The NCC, therefore, assured Nigerians that in exercise of its mandate and obligation to the consumers, the Commission will continue to sensitise and educate telecoms consumers on any cyberthreat capable of inflicting low or high-impact harms on their devices, whether discovered through the ngCERT or the telecoms sector’s Centre for Computer Security Incident Response managed by the regulator.

Recall that the NCC, in October 2021, alerted the country’s telecoms consumers to the existence of new, high-risk and extremely damaging Android device-targeting malware called Flubot.

Accordingly, the Commission outlined steps to prevent their mobile devices from being attacked by the virus.
