There is a New Android Malware, ngCERT Warns Nigerians

Weeks after the Nigerian Communication Commission (NCC) alerted telecom consumers of the existence of high risk and extremely dangerous Android targeting malware called Flubot, ngCERT has once again warned that a new Android malware has been discovered.

Nigeria Computer Emergency Response Team (ngCERT) warns that the new malware called AbstractEmu can gain access to smartphones and take complete control by silently modifying device settings and at the same time taking steps to evade detection.

ngCERT is the national agency established by the federal government to manage the risk of Cybercrime threats in Nigeria. They also coordinate responses and mitigation strategies to proactively prevent cybercrime attacks against Nigerians.

According to ngCERT, the new malware, AbstractEmu, has been found to be distributed via the Google Play store, third-party stores like Amazon, Appstore, and Samsung Galaxy Store. It has also been found in smaller stores like; Aptoide, Apkpure, Anti-ads Browser, Data saver, Lite Luncher, My Phone among others.

A total of 19 Android applications posing as utility apps and system tools like password managers, money managers, app launchers and data saving apps have been reported to contain the rooting functionality of the malware.

The advisory agency gave the effect the malware could have on devices when installed to include; the malware taking over devices, installing additional malware, extracting sensitive data and transmitting the data to a remote attack-controlled server.

The malware can also modify the phone settings to give the app the ability to reset the device’s password and lock the device through the device admin. It can similarly access accessibility services, ignore battery optimization, monitor notifications, capture screenshots, record device screen, disable Google Play protection.

It can modify permission that grants access to contacts, call logs, Short Messaging Service (SMS), Geographic Positioning System (GPS), camera and the microphone of affected devices.

The ngCERT did make clear that Google Play Store has removed affected malicious apps from its store, other apps are still believed to be distributing the malware-infected apps.

On its part, as a way to sensitize the public, the NCC has reiterated the two-fold ngCERT advisory given in order to mitigate the risk of malware.

NCC said:

• Users should be wary of installing unknown or unusual apps and look out for different behaviors as they use their phones.
• Users should reset their phone to factory settings when there is suspicion of unusual behaviors in their phones.

It is important to keep to this advice as the report has affirmed that AbstractEmu is rooting malware, although very rare, it is very dangerous.