Get 23% off Apple Watch Series 9!

“Godless” malware can affect 90% of Android devices, installs unwanted apps

By
60comments
Google News Follow
Follow us on Google News
Android
“Godless” malware can affect 90% of Android devices, installs unwanted apps
Researchers at security intelligence blog Trend Micro have discovered a new version of mobile malware “Godless” that targets devices running Android 5.1 Lollipop or earlier. Unfortunately, that means almost 90% of all Android devices used worldwide are vulnerable to the threat.

Godless is similar to an exploit kit, having multiple exploits, and uses an open-source rooting framework called android-rooting-tools. This is what the company had to say in its official statement regarding the newly found threat:

Based on the data gathered from our Trend Micro Mobile App Reputation Service, malicious apps related to this threat can be found in prominent app stores, including Google Play, and has affected over 850,000 devices worldwide.


According to Trend Micro, upon gaining root privilege, the malware can then be remotely controlled to silently install unwanted software on the affected device, or even worse – to spy on the user.

Malicious apps using older versions of the Godless contain a local exploit binary, which uses exploit code from the android-rooting-tools framework. Once the app is downloaded, the malware waits until the affected device's screen is off to begin the rooting process. Once it's done, it then drops a payload as a system app in the form of an AES-encrypted file called “_image”. It cannot be easily removed.

Global distribution of affected devices - “Godless” malware can affect 90% of Android devices, installs unwanted apps
Global distribution of affected devices

However, the new variant of Godless is “made to only fetch the exploit and the payload from a remote command and control (C&C) server.“ Experts believe that this is so that the malware can bypass security checks done by app stores such as Google Play.

We found various apps in Google Play that contain this malicious code. The malicious apps we’ve seen that have this new remote routine range from utility apps like flashlights and Wi-Fi apps, to copies of popular games. For example, a malicious flashlight app in Google Play called “Summer Flashlight” contained the malicious Godless code.


Recommended Stories
The aforementioned app seems to have been removed from Google Play. Trend Micro goes on to warn:

We have also seen a large amount of clean apps on Google Play that has corresponding malicious versions – they share the same developer certificate – in the wild. The versions on Google Play do not have the malicious code. Thus, there is a potential risk that users with non-malicious apps will be upgraded to the malicious versions without them knowing about apps’ new malicious behavior. Note that updating apps outside of Google Play is a violation of the store’s terms and conditions.


When downloading apps, regardless of their nature, you should always do a quick background check on the developer. It sounds tedious, we know, but it's a good idea nonetheless. Unknown new developers could be a source of malicious apps, Trend Micro warns. Dwonloading a trusted antivirus app might also be a good idea, as well as avoiding apps from untrusted sources.

source: Trend Micro

Recommended Stories

Loading Comments...

Popular stories

T-Mobile and SpaceX's direct-to-cell service is suddenly so much more exciting
T-Mobile and SpaceX's direct-to-cell service is suddenly so much more exciting
Upcoming T-Mobile Tuesdays gift might be this season's comfiest accessory
Upcoming T-Mobile Tuesdays gift might be this season's comfiest accessory
The dream smartphone will finally become reality in 2025
The dream smartphone will finally become reality in 2025
New Google Messages feature to allow users to choose custom images for contacts
New Google Messages feature to allow users to choose custom images for contacts
Best Buy is incredibly selling the Moto G Play (2024) for $9.99 with (almost) no strings attached
Best Buy is incredibly selling the Moto G Play (2024) for $9.99 with (almost) no strings attached
Samsung and Apple reportedly looking to acquire Intel, what it means for you
Samsung and Apple reportedly looking to acquire Intel, what it means for you

Latest News

Meta's Llama AI model turned into a military tool in China
Meta's Llama AI model turned into a military tool in China
Don't miss the fine print with T-Mobile unit Mint Mobile's Mint Kids deal
Don't miss the fine print with T-Mobile unit Mint Mobile's Mint Kids deal
SpaceX five satellite launches away from bringing T-Mobile users Direct-to-Cell service
SpaceX five satellite launches away from bringing T-Mobile users Direct-to-Cell service
Owners of two Samsung devices will be able to download Android 15 beta in 15 days - leak
Owners of two Samsung devices will be able to download Android 15 beta in 15 days - leak
More people are downloading iOS 18.1 than iOS 17.1, Tim Cook reveals
More people are downloading iOS 18.1 than iOS 17.1, Tim Cook reveals
Key Apple executive says goodbye to the media and analysts just weeks before his departure
Key Apple executive says goodbye to the media and analysts just weeks before his departure
FCC OKs Cingular\'s purchase of AT&T Wireless