The Nigerian Communications Commission (NCC) has revealed to Andriod users a new malware attacking the smartphone.
According to the NCC, the malware, named ‘AbstractEmu’, could gain access to smartphones, take complete control of infected smartphones and silently modify device settings while simultaneously taking steps to evade detection.
Dr. Ikechukwu Adinde, NCC Director, Public Affairs in a signed statement stated that the discovery was announced recently by the Nigerian Computer Emergency Response Team (ngCERT), the national agency established by the federal government to manage risks of cyber threats in Nigeria, which also coordinates incident response and mitigation strategies to proactively prevent cyber-attacks against Nigeria.
It also added that AbstractEmu had been found to be distributed via Google Play Store and third-party stores such as the Amazon Appstore and the Samsung Galaxy Store, as well as other lesser-known marketplaces like Aptoide and APKPure.
The advisory stated that a total of 19 Android applications that posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps had been reported to contain the rooting functionality of the malware.
The apps are said to have been prominently distributed via third-party stores such as the Amazon Appstore and the Samsung Galaxy Store, as well as other lesser-known marketplaces like Aptoide and APKPure. The apps include All Passwords, Anti-ads Browser, Data Saver, Lite Launcher, My Phone, Night Light, and Phone Plus, among others.
The statement further stated that the malware could modify the phone settings to give app ability to reset the device password, or lock the device, through device admin; draw over other windows; install other packages; access accessibility services; ignore battery optimization; monitor notifications; capture screenshots; record device screen; disable Google Play Protect; as well as modify permissions that grant access to contacts, call logs, Short Messaging Service (SMS), Geographic Positioning System (GPS), camera, and microphone.
The ngCERT also asserts in the advisory that, while the malicious apps were removed from Google Play Store, the other app stores are likely distributing them.
The Commission reiterated a two-fold ngCERT advisory in order to mitigate the risks. The two-fold advisory includes: Firstly, users should be wary of installing unknown or unusual apps, and look out for different behaviors as they use their phones. Secondly, reset your phone to factory settings when there is suspicion of unusual behaviors in your phone.
NCC said it would continue to sensitize and educate telecoms consumers on any cyber threat capable of inflicting low or high-impact harms on their devices, whether discovered through the ngCERT or the telecom sector’s Centre for Computer Security Incident Response managed by the NCC.
ALSO READ:
