The Nigerian Communications Commission has warned Android phone users about new malware accessing smartphones and taking control of infected phones.

This was disclosed by the NCC via a statement signed on Tuesday by the commission’s public affairs director, Ikechukwu Adinde.

The NCC said the malware is called AbstractEmu and can access smartphones, take full control of infected smartphones, and silently change device settings while taking action to evade detection.

What NCC says about malware

NCC said the discovery was made by the Nigerian Computer Emergency Response Team. The commission claimed that the malware is distributed through Google Play Store and other third-party stores.

The commission said, “AbstractEmu is distributed through Google Play Store and third-party stores such as the Amazon Appstore and Samsung Galaxy Store, as well as other lesser-known marketplaces like Aptoide and APKPure.

“The notice stated that a total of 19 Android apps that advertised themselves as utility apps and system tools such as password managers, fund managers, app launchers and data backup apps would have been reported as containing the malware’s rooting functionality.

“The apps are said to have been widely distributed through third-party stores and the apps include all passwords, browser anti-ads, data saver, Lite Launcher, My Phone, Night Light, and Phone Plus, among others.”

According to the commission, rooting malware is very dangerous and uses the rooting process to gain privileged access to an Android operating system.

The NCC added that once installed, the attack chain is designed to exploit one of five exploits of old Android security holes that would allow it to gain root permissions.

The NCC said the malware will take control of the device, install additional malware, extract sensitive data and deliver it to a remote server controlled by the attacks.

The commission said, “Additionally, malware can modify phone settings to allow the app to reset the device password or lock the device through the device administrator; draw on other windows; install other packages; access accessibility services; ignore battery optimization; monitor notifications; capture screenshots; record the device screen; deactivate Google Play Protect; as well as change the permissions that grant access to contacts, call logs, short message service (SMS), geographic positioning system (GPS), camera and microphone.

The NCC said that ngCERT advises users to be wary of installing unfamiliar or unusual apps and to look for the different behaviors when using their phones. He added that users should reset their phones to factory settings if unusual behavior is suspected.