A new form of smartphone malware found on Google Play and elsewhere is capable of infecting the vast majority of Android devices currently in use, and has already affected hundreds of thousands of systems, according to computer security researchers.
The malware family, called Godless, can affect a broad range of devices because it uses several different attack techniques depending on the system targeted, said Trend Micro.
Exploit kits taking advantage of many different vulnerabilities are common in the PC world, but the approach is new to mobile malware, Trend said.
“Godless is reminiscent of an exploit kit, in that it uses an open-source rooting framework called android-rooting-tools,” said Trend Mobile Threats Analyst Veo Zhang in an advisory. “Godless can target virtually any Android device running on Android 5.1 (Lollipop) or earlier. As of this writing, almost 90 percent of Android devices run on affected versions.”
The exploit framework targets two widespread Android vulnerabilities, designated CVE-2015-3636 and CVE-2014-3153, as well as a number of less significant bugs, Zhang wrote.
Malicious applications using Godless have made their way into “prominent” app stores including Google Play, and have infected 850,000 devices internationally, with more than 46 percent of the infections in India, Trend said.
The malware also attempts to fraudulently improve app rankings on Google Play, according to the firm.
Earlier versions of the malware contained the unwanted applications and other malicious code within a local file, but a newer variant fetches the payload from a remote server, which may help the malware evade security controls on app stores, according to Trend.
“The malicious apps we’ve seen that have this new remote routine range from utility apps like flashlights and Wi-Fi apps, to copies of popular games,” wrote Zhang. He said one example was a flashlight app in Google Play called “Summer Flashlight”.
The firm said it has also discovered a large number of malicious applications that duplicate “clean” apps found on app stores, using the same developer certificate. That means a user could be infected if they update a non-malicious app via an untrustworthy source, Trend said.
Trend recommended users install apps only from well-known sources such as Amazon and Google Play, and that they use an up-to-date security tool.