New Godless Android malware running rampant, over 850,000 devices affected
New malware that targets Google’s Android mobile operating system and hijacks a target phone has affected over 850,000 devices worldwide.
Security firm Trend Micro said the malware, dubbed Godless (ANDROIDOS_GODLESS.HRX), targets a set of rooting exploits in its pockets and uses multiple exploits that can target virtually any Android device running Android 5.1 (Lollipop) or earlier.
The malware utilizes the open source android-rooting-tools framework, which contains exploits for well-known vulnerabilities such as PingPongRoot and Towelroot. Once it finds its way onto a device and roots it, Godless installs a backdoor for remote access that can be used to download unwanted apps and advertisements, as well as apps that can spy on users.
Godless is also said to be evolving, with the company explaining that “recently, we came across a new Godless variant that is made to only fetch the exploit and the payload from a remote command and control (C&C) server, … We believe that this routine is done so that the malware can bypass security checks done by app stores, such as Google Play.”
Distribution
The Godless malware is being distributed via infected apps, including “various apps” available in Google Play that include utility apps such as flashlights and Wi-Fi apps, to copies of popular games; one example is a malicious flashlight app in Google Play called “Summer Flashlight” that contains the malicious Godless code.
Interestingly, Trend Micro added that they have also found a lot of clean apps on Google Play that have corresponding malicious versions, in that they share the same developer certificate.
Versions on Google Play that do not have the malicious code but share the same certificate run the risk of being upgraded to malicious versions later without the user ever knowing they have been affected.
Trend Micro warned users that along with practicing safe internet (such as having a virus scanner installed on their phone) when downloading apps, regardless if it’s a utility tool or a popular game, the developer should always have reviews; “unknown developers with very little or no background information may be the source of these malicious apps.”
Despite infected apps being available on Google Play, Trend Micro added that as a general rule, it is always best to download apps from trusted stores such as Google Play and Amazon.
Feature image by Uncalno Tekno
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU