Godless Malware Targets 90 Percent Of Android Devices: Here's What It Can Do

A new malware that affects Android-powered mobile devices and could potentially create havoc has been detected by researchers. Trend Micro researchers discovered the malware ANDROIDOS_GODLESS.HRX and have dubbed it "Godless."

The Godless malware family is capable of leveraging manifold rooting exploits, rendering Android tablets and smartphones vulnerable.

The malware targets over 90 percent Android devices — those that are running on Android 5.1 Lollipop or earlier versions of the Google OS. Trend Micro reveals that Godless has already affected nearly 850,000 Android mobile devices globally.

So where is the malware found, you wonder? The answer is bound to surprise you!

"Based on the data gathered from our Trend Micro Mobile App Reputation Service, malicious apps related to this threat can be found in prominent app stores, including Google Play, and has affected over 850,000 devices worldwide," noted the company in a statement.

According to the researchers at Trend Micro, the malware can be distributed by several methods and is not limited to a single location.

Godless basically deploys a framework dubbed "Android-rooting-tools" to get the root access for Android-powered smartphones or tablets that run on Android 5.1 Lollipop or earlier versions of the OS.

The Godless malware is housed inside a multitude of apps, and when executed, it is able to download the Android-rooting-tools from GitHub, which are essentially a group of leaked or open-source exploits that help in rooting Android-powered devices.

What Can It Do?

Once it has got root access, the malware relays information to the creator and awaits instructions. It gets a list of apps that need to be installed from the C&C server on the rooted device.

Alarmingly, Godless can often download unwanted applications on the sly. Moreover, it is able to display adverts that are malicious.

Godless does not stop at that, it is also able to install backdoors on the device and can "spy on users."

If an app infected by the Godless malware is running, after it has completed downloading the rooting exploits — like the potent PingPongRoot exploit or the Towelroot exploit — the malicious software ensures that the screen is switched off. It will then execute the code.

Interestingly, previous variants of Godless would download a fake version of the Google Play Store app. This would then be deployed to gather the Google credentials of the user. Once the details were garnered, Godless would be able to both download and install alternate apps from the genuine Google Play Store application.

Are You Affected?

According to the estimates of Trend Micro, most of the affected users — 46.19 percent are in India. The top three is rounded off by Indonesia and Thailand at 10.27 percent and 9.47 percent, respectively. The U.S. has 1.51 percent affected users.

Photo: David Recordon | Flickr

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics