Cybercrime: NCC Discovers New Malware AbstractEmu, Attacking Android Devices

The Nigerian Communications Commission (NCC) has raised the alarm about the discovery of a new Android malware.

The malware, named ‘AbstractEmu’, can gain access to smartphones, take complete control of infected smartphones and silently modify device settings while simultaneously taking steps to evade detection.

This discovery was announced by the Nigerian Computer Emergency Response Team (ngCERT), the national agency established by the Federal Government to manage the risks of cyber threats in Nigeria.

The NCC in a statement said that AbstractEmu has been found to be distributed via Google Play Store and third-party stores such as the Amazon Appstore and the Samsung Galaxy Store, as well as other lesser-known marketplaces like Aptoide and APKPure.

The advisory stated that a total of 19 Android applications that posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps have been reported to contain the rooting functionality of the malware.

The apps are said to have been prominently distributed via third-party stores such as the Amazon Appstore and the Samsung Galaxy Store, as well as other lesser-known marketplaces like Aptoide and APKPure.

The apps include All Passwords, Anti-ads Browser, Data Saver, Lite Launcher, My Phone, Night Light and Phone Plus, among others.

According to the report, rooting malware although rare, is very dangerous.

By using the rooting process to gain privileged access to the Android operating system, the statement said the threat actor can silently grant itself dangerous permissions or install additional malware.

The NCC statement said that elevated privileges also give the malware access to other apps’ sensitive data, something not possible under normal circumstances.

The ngCERT advisory also captured the consequences of making their devices susceptible to AbstractEmu attack.

It said once installed, the attack chain is designed to leverage one of five exploits for older Android security flaws that would allow it to gain root permissions.

It also takes over the device, installs additional malware, extracts sensitive data, and transmits to a remote attack-controlled server.