The Nigerian Computer Emergency Agency has discovered a new Android malware that gains access to smartphones and takes control of them. Named AbstractEmu, the malware takes complete control of infected smartphones and silently modifies device settings while simultaneously taking steps to evade detection.
The Nigerian Communications Commission, NCC, said in a statement that “AbstractEmu is distributed via Google Play Store and third-party stores such as the Amazon Appstore and the Samsung Galaxy Store, as well as other lesser-known marketplaces like Aptoide and APKPure.”
In an advisory signed by the commission’s Director, Public Affairs, Ikechukwu Adinde, the NCC explained that “a total of 19 Android applications that posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps have been reported to contain the rooting functionality of the malware.”
“The apps are said to have been prominently distributed via the third-party stores and the apps include All Passwords, Anti-ads Browser, Data Saver, Lite Launcher, My Phone, Night Light, and Phone Plus, among others.”
The advisory further noted that “the rooting malware is very dangerous, and uses the rooting process to gain privileged access to an Android operating system.”
The attack chain, according to the NCC, is designed to use one of five exploits for older Android security issues to get root capabilities once loaded.
The malware will take over the device, install further malware, extract sensitive data, and send it to a remote attacker-controlled server, according to the NCC.
“Additionally, the malware can modify phone settings to give an app the ability to reset the device password, or lock the device, through device admin; draw over other windows; install other packages; access accessibility services; ignore battery optimization; monitor notifications.
“It can also capture screenshots; record device screen; disable Google Play Protect; as well as modify permissions that grant access to contacts, call logs, Short Messaging Service (SMS) messages”.
According to the NCC, ngCERT encourages users to be wary of installing unknown or strange apps and to be on the lookout for unusual behavior while using their phones. When there is a suspicion of strange behavior, users should reset their phones to factory settings, the commission said.