From Adanna Nnamani, Abuja
The Nigerian Communications Commission (NCC), has warned Nigerians about a new destructive malware called ‘AbstractEmu’ that attacks Android devices.
Malware is a general term used to refer to a virus or software designed specially to “disrupt, damage, or gain unauthorised access to a computer system.”
The commission in a statement warned that AbstractEmu could completely take over infected devices after gaining access and silently distropt device settings without detection.
Google Play Store and third-party stores such as the Amazon Appstore and the Samsung Galaxy Store, as well as other lesser-known marketplaces like Aptoide and APKPure are avenues through which AbstractEmu is said to be distributed.
The commission advised the public to be conscious of the kind of applications they install and avoid unknown or unusual apps and look out for different behaviours as they use their phones.
It also advised users to reset phones to factory settings when there is suspicion of unusual behaviours.
According to the NCC, information received from the Nigeria Computer Emergency Response Team (ngCERT), shows that a total of 19 Android applications that posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps have been reported to contain the rooting functionality of the malware.
It listed the apps to include: All Passwords, Anti-ads Browser, Data Saver, Lite Launcher, My Phone, Night Light and Phone Plus, among others.
“According to the report, rooting malware, although rare, is very dangerous. By using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant itself dangerous permissions or install additional malware – steps that would normally require user interaction,” the statement reads.
“Elevated privileges also give the malware access to other apps’ sensitive data, something not possible under normal circumstances.
“The ngCERT advisory also captured the consequences of making their devices susceptible to AbstractEmu attack.
“Once installed, the attack chain is designed to leverage one of five exploits for older Android security flaws that would allow it to gain root permissions. It also takes over the device, installs additional malware, extracts sensitive data, and transmits to a remote attack-controlled server.
“Additionally, the malware can modify the phone settings to give app ability to reset the device password, or lock the device, through device admin; draw over other windows; install other packages; access accessibility services; ignore battery optimisation; monitor notifications; capture screenshots; record device screen; disable Google Play Protect; as well as modify permissions that grant access to contacts, call logs, Short Messaging Service (SMS), Geographic Positioning System (GPS), camera, and microphone.” the statement read.
Last month, the commission had also alerted Nigerians over FluBot: a malware that targets Android devices to steal banking information.