Android Users Beware “Godless”
If you are an Android user – you have have reason to fear “Godless”, a new
family of malware targeting Android mobile devices that has been detected by digital security firm Trend Micro. The malware, named after the ANDROIDOS_GODLESS.HRX filename it uses, uses multiple exploits to root users’ devices.
Godless can target virtually any Android device running on Android 5.1 (Lollipop) or earlier. Today almost 90 percent of Android devices run on Android 5.1 or earlier. Apparently malicious apps related to this threat can be found in all over Android app stores, including Google Play, and has affected over 850,000 devices worldwide.
Godless is similar to an exploit kit. Both use a type of open source rooting framework called android-rooting-tools. The framework has various exploits in its arsenal that it can use to root a number of different Android-based devices. The two most prominent vulnerabilities targeted by the rooting kit are CVE-2015-3636 (used by the PingPongRoot exploit) and CVE-2014-3153 (used by the Towelroot exploit).
By gaining root privilege, Godless can connect to a command-and-control (C&C) server capable of delivering remote instructions that force the device to download and install additional apps without the user’s knowledge. At best, an iunfected user receives unwanted apps on the phones. At worst, the same technique can be used to install a backdoor on the phone in order to spy on the user.
Google is apparently aware of the threat, and has stated that they are taking “appropriate actions”. I would recommend that should review the developers listed for apps whenever you download new programs from any app store. You should also be suspicious about unknown developers. All apps should also be downloaded from trusted stores such as Google or Amazon.