Tag Archive for: AbstractEmu

New malware, AbstractEmu attacking, destroying Android phones – NCC warns Nigerians

/in


The Nigerian Communications Commission (NCC) has warned telecom consumers and the general public of a new Android malware that has been discovered.

According to the Commission, the malware, named ‘AbstractEmu’, can gain access to smartphones, take complete control of infected smartphones and silently modify device settings while simultaneously taking steps to evade detection.

In a statement made available to DAILY POST by Ikechukwu Adinde, the NCC Spokesman, said that this discovery was announced recently by the Nigerian Computer Emergency Response Team (ngCERT), the national agency established by the Federal Government to manage the risks of cyber threats in Nigeria, which also coordinates incident response and mitigation strategies to proactively prevent cyber-attacks against Nigeria

AbstractEmu, the NCC said has been found to be distributed via Google Play Store and third-party stores such as the Amazon Appstore and the Samsung Galaxy Store, as well as other lesser-known marketplaces like Aptoide and APKPure.

The advisory stated that a total of 19 Android applications that posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps have been reported to contain the rooting functionality of the malware.

The apps are said to have been prominently distributed via third-party stores such as the Amazon Appstore and the Samsung Galaxy Store, as well as other lesser-known marketplaces like Aptoide and APKPure. The apps include All Passwords, Anti-ads Browser, Data Saver, Lite Launcher, My Phone, Night Light and Phone Plus, among others.

According to the report, rooting malware although rare, is very dangerous. By using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant itself dangerous permissions or install additional malware – steps that would normally require user interaction. Elevated privileges also give the malware access to other apps’ sensitive data, something not possible under normal circumstances.

The ngCERT advisory also captured the consequences of making their devices susceptible to AbstractEmu attacks. Once installed, the attack chain is…

Source…

New AbstractEmu malware roots Android devices, evades detection

/in


New AbstractEmu malware roots Android devices, evades detection

Image: Jon Hunter

New Android malware can root infected devices to take complete control and silently tweak system settings, as well as evade detection using code abstraction and anti-emulation checks.

The malware, dubbed AbstractEmu by security researchers at the Lookout Threat Labs who found it, was bundled with 19 utility apps distributed via Google Play and third-party app stores (including the Amazon Appstore, the Samsung Galaxy Store, Aptoide, and APKPure).

Apps bundling the malware included password managers and tools like data savers and app launchers, all of them providing the functionality they promised to avoid raising suspicions.

The malicious apps were removed from the Google Play Store after Lookout reported their discovery. However, the other app stores are likely still distributing them.

Lite Launcher, an app launcher and one of the apps used to deliver the AbstractEmu malware on unsuspecting Android users’ devices, had over 10,000 downloads when taken down from Google Play.

“AbstractEmu does not have any sophisticated zero-click remote exploit functionality used in advanced APT-style threats, it is activated simply by the user having opened the app,” the Lookout researchers said.

“As the malware is disguised as functional apps, most users will likely interact with them shortly after downloading.”

Once installed, AbstractEmu will begin harvesting and sending system information to its command-and-control (C2) server while the malware waits for further commands.

AbstractEmu collected system info
System info collected by AbstractEmu (Lookout)

Exploits upgraded to target more Android devices

To root Android devices it infects, AbstractEmu has multiple tools at its disposal in the form of exploits targeting several vulnerabilities, including CVE-2020-0041, a bug never exploited in the wild by Android apps before this.

The malware also uses a CVE-2020-0069 exploit to abuse a vulnerability found in MediaTek chips used by dozens of smartphone manufacturers that have collectively sold millions of devices.

The threat actors behind AbstractEmu also have enough skills and tech know-how to add support for more targets to publicly available code for CVE-2019-2215 and CVE-2020-0041…

Source…