NCC warns of new Android malware AbstractEmu

New Android malware has been detected by the Nigerian Communications Commission (NCC). The NCC desires to alert telecom customers and the wider public of this information.

If your smartphone is infected with the spyware, known as “AbstractEmu,” it may seize total control of the device while simultaneously evading detection.

The Nigerian Computer Emergency Response Team (ngCERT), a national agency established by the Federal Government to manage the risks of cyber threats in Nigeria, recently announced this discovery.

ngCERT also coordinates incident response and mitigation strategies to proactively prevent cyber-attacks on Nigeria.

AbstractEmu has been discovered to be available on the Google Play Store, Amazon Appstore, Samsung Galaxy Store, and other lesser-known markets including Aptoide and APKPure.

19 Android utility apps and system utilities including password managers and money managers, app launchers, and data savers have been discovered to feature the rooting capabilities of the virus.

Third-party storefronts like the Amazon Appstore and the Samsung Galaxy Store, as well as lesser-known markets like Aptoide and APKPure, are reported to have prominently spread the programs. These include All Passwords, Adblock Browser, Data Saver, and Lite Launcher. Night Light and Phone Plus are also included.

Rooting malware, even if it is unusual, is very harmful, according to the paper. The threat actor might secretly give itself hazardous rights or install more malware by leveraging the rooting procedure to get privileged access to the Android operating system. To get access to other applications’ sensitive data in this way is impossible under normal conditions.

Int’l Yitzhak Rabin School in Port Harcourt receives Israeli e-learning center

This assault is known as AbstractEmu, and the ngCERT advice warns of the dangers. The attack chain is meant to target one of five vulnerabilities in previous Android security weaknesses to acquire root access. A remote attack-controlled server may also take control of the device and install further malware on it, harvest sensitive data, and transfer it.

Malware can also alter phone settings to allow an app to reset the device password, or to lock the device, or to draw over other windows, install additional packages, access accessibility services, monitor notifications, capture screenshots, record the device screen, disable Google Play Protect, as well as modify permissions that grant access to contacts, call logs, Short Messaging Service (SMS), Geographic Positions, and other data.

Apps that were deleted from the Google Play Store may still be circulating in other app shops according to the ngCERT. A two-pronged warning from the National Cyber Security Center (NCC) has been issued as a result of these threats. The two-pronged advice is as follows:

If you’re using your phone, you should keep an eye out for any strange or suspicious behavior.

When you suspect that your phone is behaving unexpectedly, you should reset it to factory settings.

On the NCC’s part, it is obligated to keep the public informed of any cyber threat that might cause low or high-impact damage to their devices, whether found by the ngCERT or the telecom sector’s Center for Computer Security Incident Response (CSIR) operated by the NCC.

When the National Communication Commission (NCC) issued a warning in October 2021 about a new, high-risk, and very harmful Android device-targeting Malware named Flubot, it described the actions that customers may take to protect their devices from being infected.

2 thoughts on “NCC warns of new Android malware AbstractEmu

Leave a Reply

Your email address will not be published. Required fields are marked *