Thursday, 30 June 2016

Beware! Scores of Malicious Apps on Google Play Store Can Root, Hack 90% of Android Devices

It is no news that Google Play Store is swamped with malicious apps that could entice users into downloading them. What is news is that the number of malicious apps in Google Play Store has increased tremendously. Researchers at Trend Micro recently detected a family of malicious apps, dubbed 'Godless,' that has the capability of secretly rooting almost 90 percent of all Android phones.


The malicious apps are distributed via different methods and a variety of app stores, including Google Play Store, which is usually considered a safe option for downloading apps.

The malicious apps packed with Godless contain a collection of open-source or leaked Android rooting exploits that work on any device running Android 5.1 Lollipop or earlier.

The Android ecosystem is so broken that around 90 percent of all Android devices are vulnerable to this malicious software. Godless apps have already been installed on more than 850,000 devices worldwide so far.

Rooting a device could expose a user to several security risks, as it practically opens the door to unwanted access, hardware failure, data leaks, information theft, and so on if the developer has malicious intent.

Based on the source code they analyzed, Trend Micro researchers say that once an app with Godless malware is installed on a victim’s device, it uses a framework known as "android-rooting-tools" to gain root access to the victim's device.

From there, the malware will make sure the victim's screen is turned off before executing the malicious code.


Here's what a Godless-Packed App can do to your Device:


Once Godless has gained root privileges, it starts communicating with a command and control (C&C) server, from which it gets a list of apps to be installed on the rooted device and installs them without the user's knowledge, and all of this can be done remotely as well.

"With root privilege, the malware can then receive remote instructions on which app to download and silently install on mobile devices," Trend Micro says. "This can then lead to affected users receiving unwanted apps, which may then lead to unwanted ads. Even worse, these threats can also be used to install backdoors and spy on users."


The researchers say the malware has the ability to bypass security checks done by Google Play store and other online app stores.

Although there are several apps in Google Play, including utility apps like flashlights, Wi-Fi apps, and popular game apps, that contain the malicious Godless code, Trend Micro had identified only one such Android app by name.

Dubbed Summer Flashlight, the malicious app had been installed from 1,000 to 5,000 times, and was recently removed from the Google Play store, but it's still listed in search engine caches for the time being.

Godless is the latest Android malware to use rooting exploits in order to gain a persistent foothold on victims' handsets. Based on the graphic, most victims are located in India, followed by Indonesia, and Thailand (9.47 percent). The US also has around 17,000 Godless downloads.

"Unknown developers with very little or no background information may be the source of these malicious apps," Trend Micro notes.

So, in order to avoid being a victim of one such app, Android users are advised to avoid using third-party app stores and always "review the developer" when downloading apps even from Google’s official store.

Culled from: The Hacker News