A new form of smartphone malware found on Google Play and elsewhere is capable of infecting the vast majority of Android devices currently in use, and has already affected hundreds of thousands of systems, according to computer security researchers.
The malware family, called Godless, can affect a broad range of devices because it uses several different attack techniques depending on the system targeted, said Trend Micro.
Exploit kits taking advantage of many different vulnerabilities are common in the PC world, but the approach is new to mobile malware, Trend said.
“Godless is reminiscent of an exploit kit, in that it uses an open-source rooting framework called android-rooting-tools,” said Trend Mobile Threats Analyst Veo Zhang in an advisory. “Godless can target virtually any Android device running on Android 5.1 (Lollipop) or earlier. As of this writing, almost 90 percent of Android devices run on affected versions.”
The exploit framework targets two widespread Android vulnerabilities, designated CVE-2015-3636 and CVE-2014-3153, as well as a number of less significant bugs, Zhang wrote.
Malicious applications using Godless have made their way into “prominent” app stores including Google Play, and have infected 850,000 devices internationally, with more than 46 percent of the infections in India, Trend said.
The malware also attempts to fraudulently improve app rankings on Google Play, according to the firm.
Earlier versions of the malware contained the unwanted applications and other malicious code within a local file, but a newer variant fetches the payload from a remote server, which may help the malware evade security controls on app stores, according to Trend.
“The malicious apps we’ve seen that have this new remote routine range from utility apps like flashlights and Wi-Fi apps, to copies of popular games,” wrote Zhang. He said one example was a flashlight app in Google Play called “Summer Flashlight”.
The firm said it has also discovered a large number of malicious applications that duplicate “clean” apps found on app stores, using the same developer certificate. That means a user could be infected if they update a non-malicious app via an untrustworthy source, Trend said.
Trend recommended users install apps only from well-known sources such as Amazon and Google Play, and that they use an up-to-date security tool.