A new form of smartphone malware found on Google Play and elsewhere is capable of infecting the vast majority of Android devices currently in use, and has already affected hundreds of thousands of systems, according to computer security researchers.
The malware family, called Godless, can affect a broad range of devices because it uses several different attack techniques depending on the system targeted, said Trend Micro.
Exploit kits taking advantage of many different vulnerabilities are common in the PC world, but the approach is new to mobile malware, Trend said.
“Godless is reminiscent of an exploit kit, in that it uses an open-source rooting framework called android-rooting-tools,” said Trend Mobile Threats Analyst Veo Zhang in an advisory. “Godless can target virtually any Android device running on Android 5.1 (Lollipop) or earlier. As of this writing, almost 90 percent of Android devices run on affected versions.”
The exploit framework targets two widespread Android vulnerabilities, designated CVE-2015-3636 and CVE-2014-3153, as well as a number of less significant bugs, Zhang wrote.
Malicious applications using Godless have made their way into “prominent” app stores including Google Play, and have infected 850,000 devices internationally, with more than 46 percent of the infections in India, Trend said.
The malware also attempts to fraudulently improve app rankings on Google Play, according to the firm.
Earlier versions of the malware contained the unwanted applications and other malicious code within a local file, but a newer variant fetches the payload from a remote server, which may help the malware evade security controls on app stores, according to Trend.
“The malicious apps we’ve seen that have this new remote routine range from utility apps like flashlights and Wi-Fi apps, to copies of popular games,” wrote Zhang. He said one example was a flashlight app in Google Play called “Summer Flashlight”.
The firm said it has also discovered a large number of malicious applications that duplicate “clean” apps found on app stores, using the same developer certificate. That means a user could be infected if they update a non-malicious app via an untrustworthy source, Trend said.
Trend recommended users install apps only from well-known sources such as Amazon and Google Play, and that they use an up-to-date security tool.