Android Malware known as “Godless” Found on Google Play Store, Delivers Rooting Exploits

Beware Android users: a new kind of malware was found in genuine-looking apps, which is capable to "root" your smartphone and then secretly install unsolicited programs.

Trend Micro posted a blog on Tuesday stating that the malware, known as Godless, was found lurking in app stores, such as Google Play, and then targets the devices running on Android 5.1 (Lollipop) and before, which accounts for over 90% of Android devices.

Godless remain hidden inside an application, and then uses the exploits while trying to root operating system of your phone. This essentially creates administrator access to a device, thus allowing installation of unauthorized apps.

Source code was analyzed by Trend Micro, on the basis of which, it says Godless will be able to root all the versions of Android beginning from Android Lollipop (5.1) and before. Godless possesses portfolio of the rooting exploits, on the basis of which it could supposedly root 90% of all the Android devices that are in circulation today.

Softpedia.com posted on June 22nd, 2016, stating that the most powerful rooting exploits that can be found in the collection of hacking tools by Godless, include CVE-2014-3153 (Towelroot exploit) and CVE-2015-3636 (PingPongRoot exploit).

Godless started communicating with C&C server after gaining root privileges, from where it receives apps list to be installed on rooted device.

Researchers of Trend Micro observed previous versions of the malware few months before; and said that Godless used to download a replica of Google Play Store official app, which it would use to gather the Google credentials of the users.

Trend says that it has already seen 850,000 devices that are affected so far, with about half in India and more in other countries of South-East Asia. Less than 2% can be found in US.

Trend said that the developer should always be reviewed by the users while downloading apps, in spite of if it's a popular game or a utility tool. Trend further said that "Unknown developers with very little or no background information may be the source of these malicious apps".

Trend says that it is best if apps are downloaded from the trusted stores, like Amazon and Google Play, and also recommends buying some security software for the mobile.

Godless, having these credentials in hand, will download as well as install various apps by using genuine Google Play Store app.

» SPAMfighter News - 6/28/2016