Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Viruses & Malware / 'Godless' Malware Targets Android
New 'Godless' Malware Targets Android Mobile Devices
New 'Godless' Malware Targets Android Mobile Devices
By Jef Cozza / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Android users have reason to fear “Godless," a new family of malware targeting Android mobile devices that has been detected by digital security firm Trend Micro, the company said yesterday. The malware, named after the ANDROIDOS_GODLESS.HRX filename it uses, uses multiple exploits to root users’ devices.

Godless can target virtually any Android device running on Android 5.1 (Lollipop) or earlier," according to Veo Zhang, mobile threats analyst at Trend Micro. “As of this writing, almost 90 percent of Android devices run on affected versions,” Zhang wrote in a blog post yesterday. “Based on the data gathered from our Trend Micro Mobile App Reputation Service, malicious apps related to this threat can be found in prominent app stores, including Google Play, and has affected over 850,000 devices worldwide.”

Bypassing Security Checks

According to Trend Micro, Godless is similar to an exploit kit. Both use a type of open source rooting framework called android-rooting-tools. Zhang said that the framework has various exploits in its arsenal that it can use to root a number of different Android-based devices. The two most prominent vulnerabilities targeted by the rooting kit are CVE-2015-3636 (used by the PingPongRoot exploit) and CVE-2014-3153 (used by the Towelroot exploit).

By gaining root privilege, Godless can connect to a command-and-control (C&C) server capable of delivering remote instructions that force the device to download and install additional apps without the user’s knowledge. At best, a user receives unwanted apps on the phones. At worst, the same technique can be used to install a backdoor or spy on the user.

Zhang said that a hacker can use that capability to design a malicious app containing a local exploit binary to fetch the payload from the C&C server, allowing the malicious app itself to pass security checks performed by app stores such as Google Play.

Hidden in Flashlight Apps

“We found various apps in Google Play that contain this malicious code,” Zhang said. “The malicious apps we’ve seen that have this new remote routine range from utility apps like flashlights and Wi-Fi apps, to copies of popular games.”

In addition, a large number of clean apps on Google Play have corresponding versions that are malicious. While the versions on Google Play do not contain the malicious code, Zhang said the risk to users is that they could potentially be upgraded to the malicious versions without knowing about the apps’ new malicious behaviors.

Trend Micro said it has alerted Google about the threat, and the company has taken appropriate actions. Users should be sure to review the developers listed for apps whenever they download new programs from any app store. They should be suspicious about unknown developers. All apps should also be downloaded from trusted stores such as Google or Amazon, Trend Micro said.

Image credit: iStock/Artist's concept.

Tell Us What You Think


Allen Shane:
Posted: 2016-06-24 @ 9:21pm PT
Its true that cyber-attacks are increasing! Silent-pocket products is one of my choice to protect my privacy for all my devices.

Like Us on FacebookFollow Us on Twitter
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.