The Nigerian Communications Commission (NCC) has called the attention of telecom consumers to a new Android malicious software ‘AbstractEmu’, that had been discovered.
The National Agency established to manage risks of cyber threats and take proactive strategies to prevent cyber-attacks, Nigerian Computer Emergency Response Team (ngCERT), raised the alarm on the existence of the malware.
NCC said the malware can gain access to smartphones, take complete control of infected smartphones and silently modify device settings while simultaneously taking steps to evade detection.
NgCERT said “AbstractEmu has been found to be distributed via Google Play Store and third-party stores such as the Amazon Appstore and the Samsung Galaxy Store, as well as other marketplaces like Aptoide and APKPure”.
According to the advisory, utility apps and system tools like password managers, money managers, app launchers, and data saving apps have been reported to contain the rooting functionality of the malware, which has the capability of attacking 19 Android applications.
The public is hereby warned that once installed, the attack chain is designed to leverage one of five exploits for older Android security flaws that would allow it to gain root permissions. It also takes over the device, installs additional malware, extracts sensitive data, and transmits to a remote attack-controlled server.
Furthermore, the malware can modify the phone settings to give app ability to reset the device password, or lock the device, through device admin; draw over other windows; install other packages; access accessibility services; ignore battery optimisation; monitor notifications; capture screenshots; record device screen; disable Google Play Protect; as well as modify permissions that grant access to contacts, call logs, Short Messaging Service (SMS), Geographic Positioning System (GPS), camera, and microphone.
The ngCERT also stated that while the malicious apps were removed from Google Play Store, the other app stores are likely distributing them. Consequently, the NCC wishes to reiterate a two-fold ngCERT advisory in order to mitigate the risks. The two-fold advisory include:
- Users should be wary of installing unknown or unusual apps, and look out for different behaviours as they use their phones.
- Reset your phone to factory settings when there is suspicion of unusual behaviours in your phone.
The NCC, in exercise of its mandate and obligation to the consumers said it “will continue to sensitise and educate telecoms consumers on any cyber threat capable of inflicting low or high-impact harms on their devices, whether discovered through the ngCERT or the telecom sector’s Centre for Computer Security Incident Response managed by the Commission.”